‘Pixnapping’ Android attack could expose crypto wallet seed phrases
Researchers have uncovered a new Android vulnerability that allows malicious apps to reconstruct on-screen content, such as recovery phrases and two-factor authentication codes.
A newly discovered Android vulnerability enables malicious applications to access content displayed by other apps, potentially compromising crypto wallet recovery phrases, two-factor authentication (2FA) codes and more.
According to a recent research paper, the “Pixnapping” attack “bypasses all browser mitigations and can even steal secrets from non-browser apps.” This is possible by leveraging Android application programming interfaces (API) to calculate the content of a specific pixel displayed by a different application.
This is not as simple as the malicious application requesting and accessing the display content of another application. Instead, it layers a stack of attacker-controlled, semi-transparent activities to mask all but a chosen pixel, then manipulates that pixel so its color dominates the frame.
Source: Cointelegraph →Related News
- Feb 24, 2026
Ethereum Foundation starts staking ETH as client diversity concerns persist
- Feb 24, 2026
‘Bitcoin scarcity is dead’: Crypto executives push back on viral claim
- Feb 24, 2026
Solo Bitcoin miner bags over $200K block reward using rented hashrate
- Feb 24, 2026
Vitalik sells 17K ETH in one month after earmarking $45M for privacy
- Feb 24, 2026
Stablecoin stagnation, tariffs a headwind for Bitcoin prices, analysts say