New Android Vulnerability Exposing Sensitive Information

Researchers have discovered a new method, called ‘pixnapping,’ that allows malicious apps on Android devices to secretly capture what’s displayed on your screen, including sensitive information like two-factor authentication (2FA) codes from apps such as Gmail, Google Authenticator, Signal, and Venmo.

Who Is At Risk
Users of Android devices, particularly those from Google and Samsung, are most at risk. This includes anyone who installs apps from unknown sources or outside the official app store.

What To Watch For
Be cautious of apps requesting unnecessary permissions, especially those that ask to overlay on top of other apps or access sensitive information without a clear reason.

What To Do
Regularly update your device’s software and only download apps from trusted sources, such as the official app store. Review app permissions carefully and avoid granting access that seems unrelated to the app’s function.

Alert Domain
Other

Would you like Athena to help with reviewing app permissions? Visit nccathena.org