Crypto fans beware — hundreds of Android apps found using OCR to steal login details

News
By published

Install these Android apps only if you want to lose your crypto stash

A padlock image floating over a smartphone.
(Image credit: Shutterstock)

Cybersecurity researchers from McAfee have uncovered hundreds of malicious Android apps designed to steal access to people’s cryptocurrency wallets.

The researchers dubbed the campaign SpyAgent, which was made up of 280 apps in total, so far, mimicking legitimate banking apps, government services tools, TV streaming, utilities apps, and more. The criminals would host then these on malicious sites and third-party app stores (never on Google Play Store), and look to trick victims into installing them via phishing, social messaging apps, and similar.

When the victim installed the app, the malware would scour through images saved on the device and use optical character recognition (OCR) to scan the contents of the files. If it finds anything useful (for example, words), it would exfiltrate the contents to a cloud-hosted database, where the attackers would grab it.

Mnemonic keys and seed phrases

Most cryptocurrency wallets have two layers of protection. One is a password, a PIN code, or biometrics, which is stored on the device and allows the user to access and operate the wallet. The other is the so-called “mnemonic key”, or “seed phrase” - a set of 12 or 24 random words, which allow the user to load the contents of the wallet into a new device. The mnemonic key is a backup option of sorts. If a user loses access to their phone, or hardware wallet, they can get a new one, load the seed phrase, and regain access to their wallets and all the currency found inside.

However, if a malicious actor gets their hands on the mnemonic key they, too, can load the wallet and easily empty it. Since many people use “hot wallets” (mobile apps, basically), they also store their mnemonic keys as screenshots on their phones.

The best way to protect against these apps is to only download them from vetted sources, such as the Google Play Store. For more details on malicious apps, check out McAfee’s report here.

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Android phone malware
Screen reading malware found in iOS app stores for first time - and it might steal your cryptocurrency
Malware worm
Coordinated global mobile malware campaign targets banking apps and cryptocurrency platforms
mobile phone
Popular Android financial help app is actually dangerous malware
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
A close-up photo of an iPhone, with the App Store icon prominent in the center of the image.
App stores are increasingly becoming a major security worry
In this photo illustration a Google Play logo seen displayed on a smartphone.
Why is there so much spyware hidden in the Play Store?
Latest in Security
NordProtect logo
Standalone identity theft protection from Nord Security is now available
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
Ofcom cracks down on UK tech firms, will issue sanctions for illegal content
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
These fake GitHub "security alerts" could actually let hackers hijack your account
3d rendering of a submarine power cable on the seabed
Subsea internet cables can now ‘listen’ for sabotage using irregular pulses of light
Dark Web monitoring
A worrying critical security flaw in Apache Tomcat could let hackers take over servers with ease
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
Latest in News
an image of the Samsung Galaxy S24 Ultra
Finally! One UI 7 has a release date - here are the Samsung phones that’ll get it first
Google Cloud logo
Google to acquire cloud security platform Wiz in $32 billion deal
GIMP 3.0 interface from the website
Our favorite free photo editor finally got the update it deserves - and these are the top 5 features designers should know about
FCC filing for the Nothing CMF Buds 2 Plus
Nothing’s next-gen CMF cheap earbuds slated to arrive within the month, but don’t expect hi-res audio support
John Loeffler holding the Ryzen 7 7800X3D
Great news! The best gaming CPU ever made is finally available for it's original MSRP again
Garmin Instinct 3
A new Garmin study hints at the link between burning calories and happiness, and I've got good and bad news
More about security
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system

These fake GitHub "security alerts" could actually let hackers hijack your account
Dark Web monitoring

A worrying critical security flaw in Apache Tomcat could let hackers take over servers with ease
an image of the Samsung Galaxy S24 Ultra

Finally! One UI 7 has a release date - here are the Samsung phones that’ll get it first
See more latest
Most Popular
an image of the Samsung Galaxy S24 Ultra
Finally! One UI 7 has a release date - here are the Samsung phones that’ll get it first
GIMP 3.0 interface from the website
Our favorite free photo editor finally got the update it deserves - and these are the top 5 features designers should know about
Google Cloud logo
Google to acquire cloud security platform Wiz in $32 billion deal
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
These fake GitHub "security alerts" could actually let hackers hijack your account
MOZA sim accessories
The cutting-edge controllers that'll make your sim feel incredibly real
FCC filing for the Nothing CMF Buds 2 Plus
Nothing’s next-gen CMF cheap earbuds slated to arrive within the month, but don’t expect hi-res audio support
AMD RX 9070 GPU models
We won't be seeing any Radeon RX 9000 series GPUs from MSI - AMD prioritizes other board partners instead
John Loeffler holding the Ryzen 7 7800X3D
Great news! The best gaming CPU ever made is finally available for it's original MSRP again
Four operators survey Verdansk. One holds a sniper rifle, one binoculars, another holds is landing with their parachute, while the last wears a skull mask
Verdansk returns to Warzone in a matter of weeks and I’m dreaming of the return of two iconic weapons - here’s what you need to know about its release date and what to expect
The Ryzen AI Max+ 395 could power the latest generation of powerful mini PCs
The AMD Ryzen AI Max+ 395 dominates as the "most powerful" APU on the market, but its competition is questionable