‘Pixnapping’ Attack on Android Could Put Your Crypto Wallet at Risk

A newly discovered Android vulnerability called “Pixnapping” could put users’ sensitive information, including crypto wallet recovery phrases and two-factor authentication (2FA) codes, at risk. Researchers warn that the attack lets a malicious app read visual data displayed by other apps, exposing secrets without the malicious app holding any direct permission to do so.


According to a recent research paper, the Pixnapping attack “bypasses all browser protections and can even steal information from non-browser apps.” It works by taking advantage of Android’s application programming interfaces (APIs) to figure out the colour of specific pixels shown on the screen by another app.

This attack doesn’t simply read what’s on the display. Instead, it layers semi-transparent screens on top of the target app and manipulates the colour of a single pixel to reveal small bits of data. By repeating this process and syncing the timing of each frame, the attacker can slowly reconstruct what’s being displayed — such as numbers, letters, or images.

The attack is complex and time-consuming, so it is not very effective against content that disappears quickly. It can, however, be dangerous for information that stays visible longer, such as crypto wallet recovery phrases or backup keys.

Crypto Wallets and 2FA at Risk

Researchers tested the attack on Google Pixel devices and found that it could recover 2FA codes with concerning accuracy.

“Our attack correctly recovers the full 6-digit 2FA code in 73%, 53%, 29%, and 53% of the trials on the Pixel 6, 7, 8, and 9, respectively,” the report said.

The test also showed that the attack took between 14 and 26 seconds to capture a full 2FA code. While stealing an entire 12-word recovery phrase would take longer, the risk increases if the phrase remains on-screen while the user writes it down.

This makes crypto wallet seed phrases particularly vulnerable, as they provide full access to a user’s funds if exposed.

Google’s Response

The vulnerability was tested on several devices, including the Google Pixel 6–9 and the Samsung Galaxy S25, running Android versions 13 to 16. The researchers believe other Android devices may also be affected since the same APIs are widely available.

Google attempted to fix the flaw by restricting how many screen layers an app can blur at once. However, researchers found a workaround that still allowed Pixnapping to operate.

“As of October 13, we are still coordinating with Google and Samsung regarding disclosure timelines and fixes,” the paper noted.

Google has classified the issue as high severity and plans to reward the researchers with a bug bounty. The team also alerted Samsung, warning that Google’s initial fix was not enough to protect Samsung devices.


How to Stay Safe

Experts suggest not displaying recovery phrases or any other sensitive data on Android or other internet-connected devices. A more secure option is a hardware wallet, which stores crypto keys offline and never reveals them on a screen.

As security researcher Vladimir S advised,

“Simply don’t use your phone to secure your crypto. Use a hardware wallet!”

With the rise of sophisticated attacks like Pixnapping, experts stress that users should take extra care when managing their digital assets — especially on mobile devices.


Onsa Mustafa

Onsa is a Software Engineer and a tech blogger who focuses on providing the latest information regarding the innovations happening in the IT world. She likes reading, photography, travelling and exploring nature.
