- A new Android malware can scan screenshots and images to steal private keys
- Known as SpyAgent, the malware was discovered by cybersecurity firm McAfee
- McAfee observed that malicious actors are using compromised links to spread the malware
Cybersecurity firm McAfee Labs has discovered a new strain of malware targeting Android-powered devices. Dubbed SpyAgent, the malware is meant to scan screenshots and images stored on an Android device for private keys to a crypto wallet. The malware is spread through malicious links sent through traditional text messages, making it easy to nab more victims since it is almost impossible to determine the authenticity of a link sent through a text message.
SpyAgent Mostly Targets South Koreans
According to McAfee, the malware employs the optical character recognition (OCR) technique that is also used by desktop computers to enable users to copy text from images. The cybersecurity firm explained that once an unsuspecting Android user clicks the link, it takes them to a professionally done website.
The website prompts them to download an app that disguises itself as either a government service, dating site, banking app, TV streaming, or adult content site. McAfee noted that threat actors are using the malware to target Android users in mostly South Korea.
McAfee disclosed that the malicious actors behind SpyAgent have already claimed multiple victims, adding that there are more than “280 fake applications involved in this scheme.” The cybersecurity firm also noted that an iOS version of SpyAgent may be in development.
SpyAgent is an Addition to Threat Actors’ Toolbox
SpyAgent’s discovery adds to more ways that malicious actors are using to steal funds. In 2019, another type of malware, Cerberus, was released to steal 2FA codes from Google Authenticator.
Apart from targeting mobile phone users, threat actors are also trying to compromise Windows and macOS-powered computers. Last month, for example, security researchers revealed “Cthulhu Stealer,” a malware targeting Apple’s operating system.
With SpyAgent already having multiple victims, the number of victims is likely to rise once the malicious actors deploy an iOS version.
