Hackers can steal 2FA codes and private messages from Android phones

The article reports on a security vulnerability in Android phones that allows hackers to steal two-factor authentication (2FA) codes and private messages without requiring any permissions. The attack, known as "Pixnapping," exploits a flaw in Android's screenshot functionality to capture sensitive information displayed on the screen. The vulnerability was discovered by a team of researchers, who demonstrated that a malicious app could use the built-in screenshot feature to capture data, even if the app has no other permissions. This means that users could unknowingly install an app that steals their private information, including 2FA codes used to secure their accounts. The researchers have notified Google about the issue, and the tech giant is currently working on a fix. In the meantime, the article advises Android users to be cautious when downloading apps, especially those that request access to sensitive features or functions.