McAfee uncovers malware that steals private keys from images

American cybersecurity software firm McAfee has discovered a new malware that steals private keys from images held in Android devices.

Dubbed SpyAgent, the malware can recognize private keys from images, including screenshots, using optical character recognition (OCR), a process that enables computer systems to convert an image of text into a machine-readable text format.

According to McAfee, the malware spreads through the usual social engineering techniques, such as sending links to unsuspecting users through text messages. Clicking on the links redirects the users to websites that claim to contain legitimate software, which, when installed, activates the malware.

The victims end up permitting these applications to access their messages, images and contacts, and they set out to look for any ‘crypto-related’ information, starting with private keys.

“Upon examining the page, it became clear that a primary goal of the attackers was to obtain the mnemonic recovery phrases for cryptocurrency wallets. This suggests a major emphasis on gaining entry to and possibly depleting the crypto assets of victims,” the security firm notes.

McAfee says SpyAgent has been active since January; the company has identified 280 fake applications used to spread the malware, with South Koreans being the primary target.

SpyAgent is one of hundreds of malware targeting digital asset users, which have intensified this year. A Chainalysis report in August found that while overall illicit activity had declined in the first seven months of the year, stolen funds and malware had shot up. The latter had increased to $460 million while stolen fund inflows had doubled to $1.58 billion.

“2024 is set to be the highest-grossing year yet for ransomware payments, due in no small part to strains carrying out fewer high-profile attacks but collecting large payments (known in the industry as “big game hunting”),” the New York blockchain analytics company revealed.

Malware attacks are targeting larger businesses, Chainalysis found. The result is a spike in the median ransom payment to $1.5 million, up from $200,000 in 2023.

A week ago, the United States Federal Bureau of Investigation (FBI) warned that North Korean hackers have stepped up their game and are now targeting digital asset owners more aggressively than ever.

“North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable,” the agency said.

Watch: Cybersecurity fundamentals in today’s digital age with AI & Web3