Android owners warned over attack that can extract passwords from photos and leave accounts empty

Android owners warned over attack that can extract passwords from photos and leave accounts empty

Technology

If you do this one thing you are at risk of having your bank accounts drained

Follow on
Follow us on Google News
 

(Web Desk) - Millions of Android users are being warned of a chilling cyber threat that could raid their bank accounts, leaving them empty.

SpyAgent, has been identified as a new malware which runs the risk of draining all funds linked to a device's wallet if tech users do this one thing.


Android users who have taken screenshots identifying their cryptocurrency wallet recovery phrases could find themselves vulnerable to theft.

By using optical character recognition (OCR) technology, hackers employing the malware could use the cryptocurrency recovery phrase.

Also known as the seed phrase, the series of 12-24 words usually act as a backup key for a cryptocurrency wallet in the case of a lost device or forgotten password.

By stealing the backup phrase, the hacking technology could gain access to all of the funds linked to the device as threat actors could use the malware to restore a device's wallet and steal the stored funds.

As recovery phrases can be difficult to remember, users are advised to note down the words and store them in a safe place.

But this could leave people vulnerable to online attack if they decide to take a screenshot and save the image on their device.

McAfee has previously identified at least 280 APKs which were traced to a malware operation distributed "outside of Google Play using SMS" or "malicious social media posts".

This malware could exploit OCR to get hold of the recovery phrases stored on an Android device, hazarding a serious threat.

The Californian based Security Group has also seen attempts to transfer this use to exploit iOS devices meaning this type of attack could reach further tech consumers.