The post New Android Attack ‘Pixnapping’ Threatens Crypto Wallet Security appeared on BitcoinEthereumNews.com.

Security researchers have uncovered a serious Android vulnerability that could expose cryptocurrency wallet seed phrases and two-factor authentication codes. The attack, named Pixnapping, works by reading what’s displayed on your screen—pixel by pixel—without needing any special permissions. How the Attack Works Pixnapping exploits weaknesses in how Android displays information on your screen. A research team from UC Berkeley, Carnegie Mellon, and other universities discovered that malicious apps can reconstruct sensitive data by measuring tiny timing differences in how pixels are rendered. The attack happens in three steps. First, a malicious app triggers another app (like Google Authenticator) to display sensitive information. Second, it overlays semi-transparent windows and uses Android’s blur API to manipulate individual pixels. Third, it measures rendering times through a hardware weakness called GPU.zip to steal pixel values one at a time. Source: pixnapping.com Think of it like taking a screenshot, but instead of capturing the whole screen at once, the attacker reconstructs the image pixel by pixel by measuring how long each one takes to draw. The malicious app doesn’t need screen recording permissions or notification access—it simply exploits standard Android features that most apps can use. Real-World Testing Results Researchers tested Pixnapping on five devices: Google Pixel 6, 7, 8, and 9, plus Samsung Galaxy S25. All ran Android versions 13 through 16. The results were concerning for Pixel owners. On Pixel devices, the attack successfully recovered full six-digit 2FA codes in 73% of attempts on Pixel 6, 53% on Pixel 7 and 9, and 29% on Pixel 8. Recovery times ranged from 14 to 26 seconds—well within the 30-second window that most authentication codes remain valid. Interestingly, the Samsung Galaxy S25 proved more resistant. Researchers were unable to recover codes within 30 seconds on this device due to noise in its graphics hardware. The team…

---

Filed under: News - @ October 15, 2025 6:27 am