this post was submitted on 10 Sep 2024
139 points (96.0% liked)

Technology

58123 readers
4130 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
139
Found: 280 Android apps that use OCR to steal cryptocurrency credentials (arstechnica.com)
submitted 1 week ago by irreticent@lemmy.world to c/technology@lemmy.world
10 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.zip/post/22281366

Optical Character Recognition converts passwords shown in images to machine-readable text.

McAfee blog: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition/

top 10 comments
sorted by: hot top controversial new old
[–] Shdwdrgn@mander.xyz 39 points 1 week ago (1 children)

security firm McAfee

Now there's an oxymoron. Let me know when they can write a virus scanner that works.

[–] MurrayL@lemmy.world 2 points 1 week ago (1 children)

So do you think this research is invalid, or are you just being snarky for the sake of it?

[–] Shdwdrgn@mander.xyz 4 points 1 week ago

Hard to say for sure. They may have legitimately found something, but my experience with McAfee products has been abysmal. The last time I dealt with it, someone had the full paid version of their virus scanner which was up to date but wasn't finding anything. I ran the free version of AVG and found over 200 items (mostly trojans and other malware). Their research may be valid, but I certainly wouldn't trust any of their software to find even widely-known issues.

[–] Lost_My_Mind@lemmy.world 37 points 1 week ago

Sooooooo.......no list of what those apps are?

[–] Ghoelian@lemmy.dbzer0.com 23 points 1 week ago (1 children)

There’s no indication that any of the apps were available through Google Play.

So it's just users installing untrusted apps to their phone?

scour infected phones for text messages, contacts, and all stored images

They also can't do that without the user explicitly giving the app permission to do those things, unless they found an exploit or something, but the article doesn't say that.

Also, why would you have images with passwords in them on your phone anyway?

People really should know better nowadays than to do any of this shit. Every step here is preventable by the user just thinking about what they're really doing.

[–] qaz@lemmy.world 15 points 1 week ago (1 children)

A lot of cryptowallets let the user log in with a randomly generated combination of words. They often ask the user to write those down on paper. However, some people just screenshot that. This malware looks for those combinations specifically.

[–] umami_wasbi@lemmy.ml 5 points 1 week ago (1 children)

you mean the seed? i though that should be written on paper, store in a safe, and never on any electronic medium.

[–] qaz@lemmy.world 9 points 1 week ago* (last edited 1 week ago)

Just like how people should use long unique passwords

[–] n3cr0@lemmy.world 17 points 1 week ago (1 children)

Let me express my huge distrust in McAfee.

Thanks for your attention.

[–] Plopp@lemmy.world 5 points 1 week ago

Huge distrust in both the company and the man himself even after leaving the company. But I must say the world got a little more dull and gray when he died.