Comment on Found: 280 Android apps that use OCR to steal cryptocurrency credentials
Ghoelian@lemmy.dbzer0.com 2 weeks ago
There’s no indication that any of the apps were available through Google Play.
So it’s just users installing untrusted apps to their phone?
scour infected phones for text messages, contacts, and all stored images
They also can’t do that without the user explicitly giving the app permission to do those things, unless they found an exploit or something, but the article doesn’t say that.
Also, why would you have images with passwords in them on your phone anyway?
People really should know better nowadays than to do any of this shit. Every step here is preventable by the user just thinking about what they’re really doing.
qaz@lemmy.world 2 weeks ago
A lot of cryptowallets let the user log in with a randomly generated combination of words. They often ask the user to write those down on paper. However, some people just screenshot that. This malware looks for those combinations specifically.
umami_wasbi@lemmy.ml 2 weeks ago
you mean the seed? i though that should be written on paper, store in a safe, and never on any electronic medium.
qaz@lemmy.world 2 weeks ago
It should be, but many people don’t