New Android Attack Exposes Users to Screen Data Theft – Leaving 2FA Codes, Emails and Location History at Risk: Cybersecurity Researchers

Android users are facing a serious new threat despite Google’s efforts to patch the vulnerability, according to a research report.

A paper from UC Berkeley, University of Washington, UC San Diego and Carnegie Mellon details “Pixnapping,” an attack that lets malicious apps steal sensitive screen data, including 2FA codes, emails, and location history.

Researchers say the attack exploits Android’s rendering pipeline and bypasses browser protections.

“A malicious app can force victim pixels into the rendering pipeline by opening a victim activity using intents and compute on those pixels using a stack of semi-transparent activities.

We demonstrate an end-to-end attack capable of stealthily stealing security-critical and ephemeral 2FA codes from Google Authenticator in under 30 seconds.”

Although Google attempted to patch the vulnerability on September 2nd, researchers say they’ve discovered a workaround, and the patch does not fully mitigate the attack.

The method has been successfully tested Google Pixel 6, 7, 8, 9, and Samsung Galaxy S25 phones.

However, the 2FA code recovery attack was not successful on the Galaxy due to “significant noise,” with more fine tuning required to retrieve the data.

 

Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Generated Image: Midjourney