Android Malware Can Steals Your Private Keys By Scanning Your Images

The FBI recently warned that North Korean hackers are aggressively targeting the crypto industry using sophisticated attacks. One such threat is a new Android malware called SpyAgent, discovered by McAfee, which steals private keys by scanning images and screenshots stored on smartphones.

SpyAgent uses optical character recognition (OCR) technology to extract text from images. The malware is spread through malicious links sent via text messages, tricking users into downloading seemingly legitimate apps. Once installed, these apps—disguised as banking, government, or streaming services—request permissions to access contacts, messages, and storage, compromising the device.

This malware is mainly targeting South Korean users, with McAfee detecting it in over 280 fake apps.

Malware Capabilities and Behavior

Once the app is installed and launched, it begins its main function of stealing sensitive information from the user and sending it to a remote server controlled by the attackers. The types of data it targets include:

Contacts: The malware pulls the user’s entire contact list, which could be used for further deceptive practices or to spread the malware even further.

SMS Messages: It captures and sends out all incoming SMS messages, which might include private codes used for two-factor authentication or other important information.

Photos: The app uploads any images stored on the device to the attackers’ server. These could be personal photos or other sensitive images.

Device Information: It gathers details about the device itself, like the operating system version and phone numbers. This information helps the attackers customize their malicious activities to be more effective.

Malware attacks have surged in 2024. In August, another malware called “Cthulhu Stealer” was identified on MacOS systems, stealing personal information like MetaMask passwords and private keys. Additionally, a vulnerability in Google Chrome, exploited by a North Korean hacker group known as Citrine Sleet, allowed hackers to steal private keys by sending fake job applications through fraudulent cryptocurrency exchanges. While the Chrome vulnerability has been patched, these ongoing threats led the FBI to issue a warning about the rising danger from North Korean hackers.

Android Malware Can Steals Your Private Keys By Scanning Your Images

Malware Capabilities and Behavior

What do you think?

Written by 365Crypto

Shapeshift Hits $1 billion in Total Trading Volume

Fato Reader a PDF Malware that Steals Your Crypto

Half of the Financial Scams in 2023 Used Cryptocurrency

Mastercard to Offer a Debit Card to the Self Banked Self-Custodial Wallets

South Korea To Inspect Exchanges

After India & Indonesia, South Korea Also After Telegram

SEC Suing Fake Exchanges Linked To Dating Scams

Hex Coin Founder Now in Trouble in Finland

Gary Gensler Pressed by Congressmen on Airdrops Status

L2 Trades on UniSwap see 62% Growth Year Over Year

Shapeshift Hits $1 billion in Total Trading Volume

MicroStrategy Plans to Raise $700M Through 3rd Debt Offering

More than 600 Million People Own Crypto – Doubled in 2 Years

Trump Family Accounts Used For Scams

365Crypto Website Official Launch

NCR Atleos enables New Bitcoin cashout features for LibertyX customers

Genesis Block Day – January 3 (2009)

Pavel Durov, Telegram & VKontakte Founder Arrested in France, and Risks 20-year Prison Sentence

Coinbase’s Major Legal Victory Over SEC: A Game-Changer for Crypto Regulation

Why The Online Adult Entertainment Industry Should Embrace Crypto Fully

BTC just hit $63k

Solana Launches Second Smartphone, Seeker

SEC Suing Fake Exchanges Linked To Dating Scams

Louisiana State Accepts Crypto

Hex Coin Founder Now in Trouble in Finland

Gary Gensler Pressed by Congressmen on Airdrops Status

Malware Capabilities and Behavior

What do you think?

Log In

Sign In

Forgot password?

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections