FBI Warns of North Korean Hackers Using Android Malware to Steal Crypto Keys

cryptonews.com:

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto...

The FBI has issued a warning about a sophisticated new Android malware called SpyAgent, discovered by McAfee, which is designed to steal cryptocurrency private keys from users’ smartphones.

SpyAgent targets private keys by leveraging optical character recognition (OCR) technology to scan and extract text from screenshots and images stored on the device.

McAfee’s analysis reveals that SpyAgent is distributed through malicious links sent via text messages.

When users click on these links, they are redirected to seemingly legitimate websites that prompt them to download an app disguised as a trustworthy program.

In reality, this app is the SpyAgent malware, which compromises the phone’s security once installed.

The malware masquerades as various types of applications, including banking apps, government services, and streaming platforms.

Upon installation, it requests permissions to access contacts, messages, and local storage, facilitating its extraction of sensitive data.

McAfee reports that SpyAgent has been detected in over 280 fraudulent apps and is primarily targeting South Korean users.

The alert comes on the heels of another malware threat identified in August.

The “Cthulhu Stealer,” which affects MacOS systems, similarly disguises itself as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.

The same month saw Microsoft uncover a vulnerability in Google Chrome, which North Korean hacker group Citrine Sleet exploited to create fake cryptocurrency