CyberSecurityBoard
Sponsor Register Login

New Android Pixnapping attack steals MFA codes pixel by pixel

A new sophisticated Android attack named Pixnapping has been discovered, targeting multi-factor authentication (MFA) codes by capturing them pixel by pixel. This novel attack method exploits screen capture techniques to bypass security measures and steal sensitive authentication data from users, particularly affecting Google Pixel devices. The Pixnapping attack represents a significant evolution in mobile malware, emphasizing the increasing risks to mobile security and the need for enhanced protective measures. Users are advised to remain vigilant, update their devices regularly, and consider additional security layers to protect against such advanced threats. The Pixnapping attack works by capturing the screen content in small segments, reconstructing the MFA codes without triggering typical security alerts. This stealthy approach allows attackers to bypass conventional detection mechanisms and gain unauthorized access to accounts protected by MFA. The attack highlights vulnerabilities in current Android security frameworks, especially concerning screen capture permissions and real-time data interception. Security experts recommend that users of affected devices, particularly Google Pixel owners, apply all available security patches promptly. Additionally, adopting hardware-based security keys and biometric authentication can provide stronger defense against such pixel-level data theft. Organizations should also educate their employees about the risks of mobile-based attacks and implement policies to mitigate these threats. The emergence of Pixnapping underscores the evolving landscape of cyber threats targeting mobile platforms. As attackers develop more intricate methods to circumvent security, continuous innovation in defense strategies is crucial. This includes improving app permission controls, enhancing real-time threat detection, and fostering collaboration between device manufacturers and cybersecurity communities to address these challenges effectively.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 14 Oct 2025 18:50:15 +0000


Cyber News related to New Android Pixnapping attack steals MFA codes pixel by pixel

New Android Pixnapping attack steals MFA codes pixel by pixel - A new sophisticated Android attack named Pixnapping has been discovered, targeting multi-factor authentication (MFA) codes by capturing them pixel by pixel. This novel attack method exploits screen capture techniques to bypass security measures and ...
3 weeks ago Bleepingcomputer.com
What is adaptive multifactor authentication? - Adaptive multifactor authentication is a security mechanism intended to authenticate and authorize users through a variety of contextual authentication factors. Adaptive MFA essentially poses different sets of authentication requirements based on the ...
1 year ago Techtarget.com
Misconfigured MFA Increasingly Targeted by Cybercriminals - In the first quarter of 2024, nearly half of all security incidents our team responded to involved multi-factor authentication issues, according to the latest Cisco Talos report. A quarter of these incidents were caused by users accepting fraudulent ...
1 year ago Securityboulevard.com
MFA and supply chain security: It's no magic bullet - With attackers increasingly targeting developer accounts and using them to poison software builds, manipulate code, and access secrets and data, development teams are under pressure to lock down their development environments. Attackers are targeting ...
1 year ago Securityboulevard.com
Top Characteristics of a QR Code Phishing Email - As campaigns using QR codes grow in size and complexity it is important to track not just the QR codes themselves, but also the context of the emails delivering the QR codes. Others use images embedded in the email or QR codes rendered from external ...
1 year ago Securityboulevard.com
MFA vs 2FA: Which Is Best for Your Business? - If a user falls for a phishing scam and their credentials are compromised, multi-factor authentication or two-factor authentication provide an additional safeguard against a breach. MFA uses authentication factors such as a pin, an SMS code, an ...
1 year ago Techrepublic.com
Here's How To Steer Clear Of QR Code Hacking - QR codes, present for years and widely embraced during COVID-19, offer great benefits. Cybercriminals exploit them, creating malicious QR codes to unlawfully access your personal and financial data. These tampered codes pose a threat, potentially ...
1 year ago Cysecurity.news
New phishing attack steals your Instagram backup codes to bypass 2FA - A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. Two-factor authentication is a ...
1 year ago Bleepingcomputer.com
Microsoft to start enforcing Azure multi-factor authentication in July - Starting in July, Microsoft will begin gradually enforcing multi-factor authentication for all users signing into Azure to administer resources. After first completing the rollout for the Azure portal, the MFA enforcement will see a similar rollout ...
1 year ago Bleepingcomputer.com Black Basta
Threat Actors Bypass MFA Using AiTM Attack via Reverse Proxies - Multi-factor authentication (MFA) has long been touted as a robust security measure against phishing attacks, but sophisticated threat actors have developed new techniques to circumvent these protections. Rather than simply creating fake landing ...
6 months ago Cybersecuritynews.com
Google shares fix for Pixel phones hit by bad system update - Google has shared a temporary fix for owners of Google Pixel devices that were rendered unusable after installing the January 2024 Google Play system update. As previously reported by BleepingComputer, after the January 2024 Google Play system ...
1 year ago Bleepingcomputer.com
How to Scan a QR Code On iPhone - The iPhone offers multiple ways of scanning QR codes, but the quickest and easiest method is using its built-in camera app. Open your camera app and point at a QR code; a notification will appear in the lower-right corner of the screen. Follow the QR ...
1 year ago Hackercombat.com
3 main tactics attackers use to bypass MFA - Notable security breaches have bypassed MFA to compromise taxi broker Uber, games company EA, and authentication business Okta, according to SE Labs. SE Labs advised CISOs to step-up their efforts against attacks on systems protected by MFA in ...
1 year ago Helpnetsecurity.com
Microsoft now enforces MFA on Azure Portal sign-ins for all tenants - Microsoft has announced a significant security enhancement by enforcing Multi-Factor Authentication (MFA) on all Azure Portal sign-ins across all tenants. This mandatory security measure aims to protect users and organizations from unauthorized ...
2 months ago Bleepingcomputer.com
Badge Makes Device-Independent Authentication Platform Available - Badge Inc. today announced that a namesake platform that enables end users to securely be authenticated on-demand using any device is now generally available. The company has allied with Okta to provide integration with an identity access management ...
1 year ago Securityboulevard.com
Researchers Find Way to Bypass Phishing-Resistant MFA in Microsoft Entra ID - Cyber Security News - Cybersecurity researchers have uncovered a sophisticated technique to bypass Microsoft’s phishing-resistant multi-factor authentication (MFA) by exploiting the device code authentication flow and Primary Refresh Tokens (PRTs). The current ...
6 months ago Cybersecuritynews.com
Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack - The group behind the high-profile MGM cyberattack in September has resurfaced in yet another sophisticated ransomware attack, in which the actor pivoted from a third-party service environment to the target organization's on-premise network in only an ...
1 year ago Darkreading.com Scattered Spider
Phishing Campaign Targets Instagram Users, Steals Backup Codes and Circumvent 2FA Protection - A recent phishing scheme has emerged, posing as a 'copyright infringement' email to deceive Instagram users and pilfer their backup codes. These codes, integral for the recovery of accounts, are used to circumvent the two-factor authentication ...
1 year ago Cysecurity.news
QR Codes Used in 22% of Phishing Attacks - The Hoxhunt Challenge has unveiled alarming trends in employee susceptibility to phishing attacks, emphasizing the critical role of engagement in reducing human risk. The study, published today and conducted in 38 organizations across nine industries ...
1 year ago Infosecurity-magazine.com
Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account - This code snippet shows how attackers can intercept an authentication response and modify critical status flags to falsely indicate MFA verification has been successfully completed. These advanced techniques, which exploit vulnerabilities in ...
7 months ago Cybersecuritynews.com
Pixnapping Attack Lets Attackers Bypass 2FA on Android Devices - The article discusses a novel attack technique called 'Pixnapping' that allows attackers to bypass two-factor authentication (2FA) on Android devices. This attack exploits vulnerabilities in the way Android handles image processing and notifications, ...
3 weeks ago Darkreading.com
Google Pixel 6 series phones bricked after factory reset - Factory resets wipe the device of all personal data, apps, and settings and are typically performed when the device owner prepares it for resale. The Pixel 6 series, released in late 2021, is approaching the typical upgrade cycle for many original ...
1 year ago Bleepingcomputer.com Medusa
Android 15, Google Play get new anti-malware and anti-fraud features - Today, Google announced new security features coming to Android 15 and Google Play that will help block scams, fraud, and malware apps on users' devices. Announced at Google I/O 2024, the new features are designed not only to help end users but also ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)