Android Pixnapping Attack Steals 2FA Codes in Seconds

A new side-channel attack named Pixnapping allows malicious Android apps to steal sensitive data directly from a device's screen. The attack requires no special permissions and exploits a GPU hardware vulnerability to covertly reconstruct visual information from other applications, pixel by pixel. Researchers demonstrated that it can extract two-factor authentication codes in under 30 seconds, as well as private messages and financial details from popular apps. This vulnerability affects a wide range of modern smartphones running recent versions of the Android operating system. While an initial patch was released for the high-severity flaw, a bypass was quickly developed, with a more comprehensive fix expected in a future security update.

Latest mentioned: 10-15

Earliest mentioned: 10-14

Sources

cybersecuritynews.com thehackernews.com malwarebytes.com securityboulevard.com bleepingcomputer.com wired.com

Also Read

Sophisticated Malware Targets WordPress E-commerce Sites

The Wordfence Threat Intelligence Team has discovered a complex malware campaign targeting WordPress e-commerce sites using the WooCommerce plugin. The malware, disguised as a rogue plugin, employs advanced encryption, fake images, and remote command access for persistent exploitation. It logs user credentials, establishes backdoors, and injects JavaScript skimmers into checkout pages to steal credit card data. The campaign is attributed to Magecart Group 12, known for their persistent credit card skimming activities.

10-31Read more →