‘Pixnapping’ Android attack could expose crypto wallet seed phrases
Researchers have uncovered a new Android vulnerability that allows malicious apps to reconstruct on-screen content, such as recovery phrases and two-factor authentication codes.
A newly discovered Android vulnerability enables malicious applications to access content displayed by other apps, potentially compromising crypto wallet recovery phrases, two-factor authentication (2FA) codes and more.
According to a recent research paper, the “Pixnapping” attack “bypasses all browser mitigations and can even steal secrets from non-browser apps.” This is possible by leveraging Android application programming interfaces (API) to calculate the content of a specific pixel displayed by a different application.
This is not as simple as the malicious application requesting and accessing the display content of another application. Instead, it layers a stack of attacker-controlled, semi-transparent activities to mask all but a chosen pixel, then manipulates that pixel so its color dominates the frame.