New android malware steals crypto private keys from screenshots

The FBI has warned that North Korean hackers are aggressively targeting the cryptocurrency industry through sophisticated attacks.

A new Android malware named SpyAgent, discovered by McAfee, can steal private keys stored in screenshots and images on a smartphone.

SpyAgent uses Optical Character Recognition (OCR) technology to scan images stored on the device and extract text, including sensitive information like private keys.

OCR is commonly used in various technologies, such as desktop computers, to recognise, copy, and paste text from images.

McAfee Labs detailed that the malware is distributed via malicious links sent through text messages, tricking users into clicking on them.

These links redirect users to fake, but convincing websites that prompt them to download an application appearing legitimate.

However, the application is actually the SpyAgent malware, and once installed, it compromises the phone's security.

SpyAgent is often disguised as legitimate applications, such as banking apps, government services, or streaming platforms.

When users install these apps, they are asked to grant access to contacts, messages, and local storage, further exposing their private data.

The malware currently targets primarily South Korean users and has been detected in over 280 fraudulent apps by McAfee specialists.

In August, a similar malware named “Cthulhu Stealer” was identified on MacOS systems, also posing as legitimate software to steal sensitive data.

Cthulhu Stealer extracts personal information like MetaMask passwords, IP addresses, and private keys from cold wallets stored on desktops.

During the same month, Microsoft uncovered a vulnerability in the Google Chrome browser, likely exploited by a North Korean hacker group named Citrine Sleet.

Citrine Sleet reportedly created fake cryptocurrency exchanges to send fraudulent job offers to users, leading them to install malware that could remotely access their private keys.

The Chrome vulnerability has since been patched, but the wave of malware attacks led the FBI to issue a warning about the activities of the North Korean hacking group.