Skip to main content
Login
institutional access

You are connecting from
Lake Geneva Public Library,
please login or register to take advantage of your institution's Ground News Plan.

Published loading...Updated

New Attack Alert As Android 2FA Codes Stolen In 30 Seconds Flat

Pixnapping malware exploits Android OS graphics features to steal two-factor authentication codes with success rates up to 73% on Pixel devices, researchers found.

  • On Monday, researchers from the University of California, Berkeley, University of Washington, University of California, San Diego and Carnegie Mellon University demonstrated Pixnapping can steal 2FA codes from Google Pixel and Samsung Galaxy phones in under 30 seconds.
  • The attack exploits Android OS standard APIs and a hardware side‑channel, using the Intents function to send activities into the rendering pipeline and infer pixels.
  • Different Pixel devices recorded 73%, 53%, 29%, and 53% success rates for the Pixel 6, 7, 8, and 9, with average recovery times of 14.3 to 25.8 seconds.
  • Google issued a partial September Android security patch for CVE‑2025‑48561, but researchers demonstrated a workaround; Google plans an additional patch in the December Android security bulletin with no known exploitation.
  • Users are advised to install the latest security patches and avoid untrusted apps since Pixnapping requires installing and opening a malicious app on Android devices.
Insights by Ground AI

14 Articles

ForbesForbes
Center

New Attack Alert As Android 2FA Codes Stolen In 30 Seconds Flat

Is your Pixel or Galaxy smartphone now at risk? What you need to know about this newly confirmed Android 2FA code theft attack.

·United States
Read Full Article
Indian ExpressIndian Express
Lean Left

Android devices vulnerable to new ‘Pixnapping’ attack: Here’s all you need to know

This new hacking technique that could be used to infect Android devices relies on the operating system’s pixel rendering pipeline.

·India
Read Full Article
Tech SpotTech Spot
Center

Pixnapping attack lets malicious apps steal sensitive data from Android devices

Pixnapping is a newly disclosed class of side-channel attacks that targets Android smartphones. The attack, conceived by researchers, would allow a malicious app to leak secret information displayed on an Android device's screen – for example, one-time codes or other sensitive values shown by apps or websites.Read Entire Article

Read Full Article
LifehackerLifehacker
Center

The ‘Pixnapping’ Attack Can Steal Your 2FA Codes

Researchers have discovered a new type of attack that can steal sensitive information on Android devices, like 2FA codes, without the user's knowledge.

Read Full Article
PC MagPC Mag
Lean Left

'Pixnapping' Attack Can Steal Two-Factor Codes From Android Phones

Google has only partially mitigated the attack, which involves using a malicious Android app to secretly discern the two-factor codes generated by authenticator apps.

·United States
Read Full Article
Financial ExpressFinancial Express
Lean Right

Pixnapping flaw on Android: With zero permissions, it can steal 2FA codes and data, here is what you need to do

Researchers say that in the case of Google Authenticator, the Pixnapping vulnerability allows attackers to steal critical 2FA codes in under 30 seconds while remaining hidden from the user.

·Uttar Pradesh, India
Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 50% of the sources are Center
50% Center

Factuality 

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

digitalinformationworld.com broke the news in on Tuesday, October 14, 2025.
Sources are mostly out of (0)

Similar News Topics

Apps icon

Apps

Apps icon

Apps

Android icon

Android

Technology icon

Technology

Smartphones icon

Smartphones

Google icon

Google

Cyber Security icon

Cyber Security

News
For You
SearchBlindspotLocal