FBI Alerts Public to North Korean Hackers Stealing Crypto Keys with Android Malware

SpyAgent targets private keys by leveraging OCR technology to scan and extract text from screenshots.

The FBI has released a warning about SpyAgent, a sophisticated new Android malware discovered by McAfee and designed to steal cryptocurrency private keys from users’ smartphones.

SpyAgent targets private keys by using optical character recognition (OCR) to read and extract text from screenshots and other images stored on the device.
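As an added illustration (not code from the FBI alert or from McAfee’s report), the check below turns the technique described above to a defender’s use: it scans OCR output from a user’s own screenshots for key-shaped material, so images holding seed phrases or private keys can be found and deleted before malware does the same. The regexes, the sample OCR text and the key values in it are constructed for this example and are not real keys.

```python
import re
from dataclasses import dataclass

# Shapes of key material that commonly appear in wallet screenshots:
# a 64-hex private key (optionally 0x-prefixed), a Bitcoin WIF key
# (base58, 51-52 chars, starting with 5/K/L), and a BIP39 seed phrase.
HEX_KEY_RE = re.compile(r"\b(?:0x)?([0-9a-fA-F]{64})\b")
WIF_RE = re.compile(r"\b[5KL][1-9A-HJ-NP-Za-km-z]{50,51}\b")
MNEMONIC_LENGTHS = {12, 15, 18, 21, 24}

@dataclass
class Finding:
    kind: str
    preview: str  # masked; the scanner never returns the full secret

def _mask(secret: str) -> str:
    return secret[:4] + "..." + secret[-4:]

def _mnemonic_runs(text: str) -> list[list[str]]:
    """Maximal runs of lowercase 3-8 letter tokens (BIP39 English word shape). Numbering like
    '1.' or '2)' is skipped; any other token ends a run. A real deployment would also check the wordlist."""
    runs, current = [], []
    for tok in re.split(r"\s+", text.strip()):
        if re.fullmatch(r"\d{1,2}[.)]?", tok):
            continue
        if re.fullmatch(r"[a-z]{3,8}", tok):
            current.append(tok)
        else:
            if current:
                runs.append(current)
            current = []
    if current:
        runs.append(current)
    return [r for r in runs if len(r) in MNEMONIC_LENGTHS]

def scan_ocr_text(text: str) -> list[Finding]:
    """Flag key-shaped material in the OCR output of one screenshot."""
    findings = [Finding("hex_private_key", _mask(m.group(1))) for m in HEX_KEY_RE.finditer(text)]
    findings += [Finding("wif_private_key", _mask(m.group(0))) for m in WIF_RE.finditer(text)]
    for words in _mnemonic_runs(text):
        findings.append(Finding("mnemonic_phrase", f"{words[0]} ... {words[-1]} ({len(words)} words)"))
    return findings

# Constructed OCR output of a typical "wallet backup" screenshot (sample values, not real keys).
SAMPLE_OCR_TEXT = """Wallet backup - DO NOT SHARE
1. abandon 2. ability 3. able 4. about 5. above 6. absent
7. absorb 8. abstract 9. absurd 10. abuse 11. access 12. accident
Private key: 0x9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
WIF: 5JaTXbAUmfPYZFRwrYaALK48fN6sFJp4rHqq2QSXyZ1RpwjD2hk"""
```

Running `scan_ocr_text(SAMPLE_OCR_TEXT)` yields three masked findings (hex key, WIF key, 12-word phrase); the heuristic will also fire on twelve consecutive short lowercase words in ordinary prose, which is why the preview shows only the first and last word for a human to confirm.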

McAfee’s analysis reveals that SpyAgent is distributed through malicious links sent via text messages.

Malware Masquerades as Various Programs

Clicking these links takes users to convincing-looking websites that prompt them to download what appears to be a legitimate application.

This app is actually SpyAgent malware, which, once installed, compromises the security of the phone.

The malware poses as a variety of apps, such as streaming platforms, banking apps, and government services.

When installed, it asks for access to contacts, messages, and local storage in order to extract sensitive data more easily.

According to McAfee, SpyAgent is mainly targeting South Korean users and has been found in over 280 fraudulent apps.

The alert follows the discovery of a different malware threat in August: the “Cthulhu Stealer”, which targets macOS, likewise poses as trustworthy software and steals personal data such as IP addresses, MetaMask passwords, and cold wallet private keys.

In the same month, the North Korean hacker group Citrine Sleet exploited a vulnerability in Google Chrome in campaigns built around fake job applications and fake cryptocurrency exchanges.

These attacks installed remotely controlled malware capable of stealing private keys.

Although the Chrome vulnerability has since been fixed, the FBI has issued a formal warning about North Korean hacking activities due to the increase in these kinds of cyberattacks.

It is recommended that users exercise caution and refrain from downloading applications or clicking on links from unfamiliar sources in order to safeguard their digital assets against such sophisticated threats.

Crypto Projects Lost $310M to Scams in August

As previously noted, August saw a spike in cryptocurrency-related fraud, with an astonishing $310 million lost to various scams, the second-highest monthly total so far this year.

Of that, $10.3 million in stolen assets was eventually recovered or returned, leaving a net loss of $300.6 million.

Phishing was the most damaging category, accounting for about $293 million of the total losses.

Two especially large phishing attacks alone led to the theft of $55 million in DAI stablecoin and $238 million in Bitcoin.

Aside from phishing, attacks on multiple cryptocurrency projects were among August’s noteworthy losses.

For example, on August 6, a white hat hacker exploited the Ronin Network, an Ethereum Virtual Machine (EVM)-based sidechain, taking 4,000 ETH, worth $9.85 million at the time.

Furthermore, August saw $1.2 million in losses from flash loan attacks, still concerning but somewhat lower than in prior months.

Exit scam losses fell to $800,000 in August from approximately $3 million in July, a sharp drop that contrasts with the rise in phishing and other forms of exploitation.