ChainCatcher news, recently, McAfee discovered a new type of Android malware named SpyAgent, which can steal users' private keys by taking screenshots and using optical character recognition (OCR) technology on text within images. This malware spreads through malicious links in text messages; when users click the link, they are directed to a page disguised as a legitimate website and prompted to download a seemingly trustworthy application. Once installed, the malware can access users' contacts, messages, and local storage permissions. Currently, SpyAgent primarily targets South Korean users and has been found in over 280 fraudulent applications. Additionally, malware attacks are on the rise in 2024. The Cthulhu Stealer, discovered in August, affected MacOS systems and stole users' cryptocurrency wallet information. In the same month, Microsoft patched a vulnerability in Google Chrome that had been used by the North Korean hacker group Citrine Sleet to disguise fake cryptocurrency exchanges and spread malware through fraudulent job applications. The Federal Bureau of Investigation (FBI) has issued a warning, alerting the public that the cryptocurrency industry is becoming a primary target for North Korean hackers.

ChainCatcher message, the Federal Financial Supervisory Authority of Germany (BaFin) announced that a piece of Android malware named "GodFather" has attacked over 400 financial apps by stealing 2FA verification codes, including about 110 cryptocurrency trading platforms, 94 cryptocurrency wallets, and 215 banking client applications.It is reported that Godfather runs only on Android and steals users' login data by faking a false login page, prompting victims to input their data into a monitored form. Godfather utilizes Android's Accessibility Service to gain device access and relay data. Additionally, Godfather can record screens, launch keyloggers, intercept calls containing 2FA verification codes, send text messages, and perform other operations. (Source link)