A New Attack Lets Hackers Steal 2-Factor Authentication Codes From Android Phones

A new attack, dubbed "Pixnapping," has been discovered that can steal 2-factor authentication (2FA) codes from Android phones without requiring any permissions from the user. The attack exploits a vulnerability in the Android operating system that allows malicious apps to capture screenshots of the device's screen, including any 2FA codes that may be displayed. The attack is particularly concerning because 2FA is often used as an additional layer of security to protect accounts from unauthorized access. By stealing these codes, hackers can bypass this security measure and gain access to sensitive information or accounts. The researchers who discovered the vulnerability have reported it to Google, and the company is currently working on a fix. In the meantime, users are advised to be cautious about the apps they install on their Android devices and to consider using alternative 2FA methods, such as hardware security keys, to enhance their online security.