New and dangerous attack on Android – 12 words in the crosshairs of hackers

Security researchers have discovered a new and dangerous Android hacking campaign, and it is an ingenious one. The SpyAgent malware, which goes after a 12-word phrase, disguises itself as one of 280 apps and uses optical character recognition technology in its sneaky attacks. Fall victim to a successful hack and it can be very costly, because the hackers want your money.

SpyAgent Android hack uses innovative new attack methodology

The McAfee Mobile Research Team recently identified more than 280 apps used as launchpads for the SpyAgent malware, which has been actively targeting Android users since the beginning of the year. These fake apps, which pretend to be everything from banking to streaming tools, use distraction techniques like “endless loading screens, unexpected redirects, or brief blank screens to hide their true activities,” said report author SangRyol Ryu.

As it turns out, the real activity is collecting all of your SMS text messages, contacts, and importantly, as I’ll get to in a moment, every image you have stored on your Android device. All of that data is then sent to a remote server, where the clever, dangerous, and ultimately potentially expensive work begins.

These fake apps are usually the initial payload of a phishing campaign, designed to lead users to a seemingly authentic but actually malicious website where they are tricked into downloading them. The trick doesn’t end there, because what they download is an Android Package Kit (APK) file, not the original app. Once installed, it requests permission to access SMS, contacts, and storage. Gaining access to your photos is the main goal, as they are then scanned using OCR technology, but don’t worry, the hackers aren’t looking for your private, nudge-nudge, wink-wink images. They’re looking for a mnemonic key.

What is a mnemonic key, you ask? In simple terms, it’s a 12-word phrase, although it can run to 24 words. A phrase to what? Your crypto wallet, or rather, the recovery of your crypto wallet. “This suggests there’s a strong focus on gaining access to and eventually exhausting the victims’ cryptocurrency holdings,” Ryu said.

Mitigating the SpyAgent Android threat

We’ve talked about SpyAgent as an Android threat, which it certainly is today. However, Ryu said that a McAfee researcher found an item labeled “iPhone” in the admin panel code, suggesting that malware creators could try to target iOS users in a future release. “While we haven’t found direct evidence of an iOS-compatible version yet,” Ryu said, “the possibility of it existing is real.”

Regardless, the safety rules are the same as always: stay vigilant against phishing threats, only install apps from official app stores, don’t click on links in unsolicited emails or text messages, and don’t grant any app permissions that seem excessive, unjustified, or intrusive in any way.
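One way to audit a device against that advice is to list apps that did not come from Google Play yet hold all three permission groups the fake apps request (SMS, contacts, storage). This is an added example, not code from the McAfee report or the original article. It assumes text captured with `adb shell dumpsys package`; the sample data, package names, and the function names `parse_dump` and `review` are constructed for illustration.

```python
import re

# Permission groups the article says the fake apps request: SMS, contacts, storage.
GROUPS = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "storage": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.READ_MEDIA_IMAGES"},
}
PLAY_STORE = "com.android.vending"  # Google Play's installer package name
PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
INSTALLER_RE = re.compile(r"^\s*installerPackageName=(\S+)")
GRANT_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=true")

def parse_dump(text):
    """Map each package to its installer and the permissions actually granted."""
    apps, cur = {}, None
    for line in text.splitlines():
        if m := PKG_RE.match(line):
            cur = apps.setdefault(m.group(1), {"installer": None, "granted": set()})
        elif cur is not None and (m := INSTALLER_RE.match(line)):
            cur["installer"] = None if m.group(1) == "null" else m.group(1)
        elif cur is not None and (m := GRANT_RE.match(line)):
            cur["granted"].add(m.group(1))
    return apps

def review(text):
    """Packages not installed by Google Play that hold all three permission groups."""
    return [pkg for pkg, info in sorted(parse_dump(text).items())
            if info["installer"] != PLAY_STORE
            and all(info["granted"] & perms for perms in GROUPS.values())]

# Constructed sample shaped like `adb shell dumpsys package` output, trimmed.
SAMPLE = """\
Package [com.example.streamlite] (a1b2c3):
  installerPackageName=null
  android.permission.READ_SMS: granted=true
  android.permission.READ_CONTACTS: granted=true
  android.permission.READ_MEDIA_IMAGES: granted=true
Package [com.example.messenger] (d4e5f6):
  installerPackageName=com.android.vending
  android.permission.RECEIVE_SMS: granted=true
  android.permission.READ_CONTACTS: granted=true
  android.permission.READ_EXTERNAL_STORAGE: granted=true
Package [com.example.gallery] (0a1b2c):
  android.permission.READ_MEDIA_IMAGES: granted=true
  android.permission.READ_SMS: granted=false
"""
if __name__ == "__main__":
    print(review(SAMPLE))
```

A hit is a prompt for manual review rather than a verdict, since legitimate apps installed from outside Google Play can hold the same permissions.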

Google recommends that Android users rely on Google Play Protect to check apps and devices for malicious behavior. While Google Play Protect is enabled by default, Google recommends users check that it has not been disabled. To do so, open the Google Play app, tap your profile icon, tap Settings, and then make sure that Play Protect app scanning is enabled.