A phishing scheme is targeting Android users in South Korea and the UK to steal their crypto credentials.
A McAfee report revealed the prevalence of malware targeting Android users to steal their crypto credentials, including the mnemonic phrases representing private keys from screenshots and images.
The malware—called SpyAgent—uses optical character recognition (OCR) to scan the media saved in Android users to gather sensitive data that can allow the developers to part crypto users from their funds. OCR is a commonly utilized technology found across devices that enables said devices to read text from media files. Beyond images, SpyAgent can also collect information from text messages and chats.
McAfee’s investigation broke down how the bad actors behind SpyAgent are getting phones infected with the malware. They are turning to phishing campaigns launched across social media platforms and sending phishing links via text messages. These posts and messages often advertise trustworthy applications, “banking and government services to TV streaming and utilities.” The websites on the other side of the malicious links look identical to the real ones, easily tricking individuals who follow the links to download the applications. However, the applications on these websites, downloadable as APKs (Android Package Kits), install SpyAgent. The malware then takes over phones to scan for text messages, images, device information, and contacts.
SpyAgent Targeting Android Users in South Korea and the UK
McAfee has identified 280 fake applications used to distribute the malware, with the nefarious phishing campaign primarily targeting South Koreans. However, the investigation also found the bad actors behind SpyAgent launching campaigns in the UK. “This development is significant as it shows that the threat actors are expanding their focus both demographically and geographically,” the report read. “The move into the UK points to a deliberate attempt by the attackers to broaden their operations, likely aiming at new user groups with localized versions of the malware.”
Two other malware schemes were unraveled in August, one targeting Mac devices and the other going after Windows devices.
Source: https://www.livebitcoinnews.com/android-malware-can-steal-private-keys-from-screenshots-and-images/