Crypto Hack Alert: New SpyAgent Malware Targets Android

North Korea’s new SpyAgent malware uses image recognition to pull off crypto hacks.

  • North Korean hackers continue to push the boundaries of cyber warfare.
  • Android users face crypto hack risk from new SpyAgent malware.
  • SpyAgent employs image technology to target seed phrases.

North Korean hackers have become a significant threat in the crypto space, reportedly stealing over $3 billion since 2017. Beginning with simple DDoS attacks on South Korean institutions in 2009, the hackers have since evolved their methods, employing increasingly sophisticated techniques to steal crypto funds from unsuspecting victims.

The latest evolution in crypto hacks marks a significant leap in sophistication. Hackers are now using Optical Character Recognition (OCR) tools to detect and extract seed phrases from photos stored on compromised devices.

North Korean Hackers Go Phishing

Cybersecurity experts are sounding the alarm on a newly discovered malware, SpyAgent, which uses Optical Character Recognition (OCR) technology to steal cryptocurrency seed phrases. 

Suspected to have been developed by North Korean hackers, SpyAgent signals an escalation in crypto hack sophistication. McAfee Labs stated that SpyAgent is distributed through fake apps masquerading as legitimate software from reputable companies, including banking providers, government agencies, and streaming services.

The infection process typically begins with a phishing attack, where users receive links via SMS or direct messaging from social media. These links direct victims to counterfeit websites that mimic trusted organizations, prompting users to download an APK file containing the malicious program.

Crypto Hacks Take a New Twist

Once installed, the SpyAgent malware requests extensive permissions, allowing it to access and transmit phone data to the hackers’ external servers.

While similar techniques have been employed in the past, the use of OCR technology adds a new dimension to this threat. The OCR capability enables the malware to convert images to text, specifically targeting photos of seed phrases stored on the Android device.

According to McAfee Labs, SpyAgent incidents are currently concentrated in Korea. The malware is believed to have been first deployed around January.

SpyAgent Incident Reported on Crypto X 

Confirmed SpyAgent hack cases are rare, often because victims are in the dark about how their crypto funds were lost. However, on-chain analyst “The Smart Ape” reported that his investigation into a $25,000 Ledger hack revealed the presence of the malware.

The Smart Ape found that SpyAgent was introduced to his brother’s Android device through a streaming app download. He stressed the danger of storing seed phrases on any electronic device and advised crypto users to avoid such practices to safeguard their crypto assets.

On the Flipside

  • McAfee Labs stated that SpyAgent “is not widely prevalent.”
  • Crypto users are reminded of the dangers of clicking links, installing apps, and granting permissions.

Why This Matters

Sophisticated crypto hacks are a threat to mass crypto adoption, jeopardizing the entire ecosystem’s growth and reputation.


Author
Samuel Wan

Samuel Wan is a reporter at DailyCoin covering market affairs. Samuel has holdings in Bitcoin and Cardano, with other minor holdings across the market.