A bunch of malicious crypto apps with hidden malware that overlays over legitimate crypto wallets to steal credentials. Technique looks very sophisticated based on the article’s breakdown.
It seems like they ask for accessibility permissions first, and exploits that to automatically click “accept” and grant itself other permissions, which I assume overlay is one of them.
This dumb shit is why Google keeps crippling the accessibility API more and more. Idiots need to stop clicking on stuff just because the app asks them to.
Add comment