Massive Android Vulnerability Left Millions Of Crypto Wallets Exposed to Hackers
TL;DR
A critical vulnerability in a widely used Android SDK has exposed over 30 million cryptocurrency wallets to potential data theft. This flaw allows malicious apps to bypass Android's security measures, affecting more than 50 million installations.
Key points
- Severe vulnerability in a popular Android SDK
- Exposed over 30 million cryptocurrency wallets
- Malicious apps can bypass Android's security sandbox
- Total exposure exceeds 50 million installations
- Reported by Microsoft Defender Security Research Team
A severe vulnerability in a popular third-party Android software development kit (SDK) left tens of millions of cryptocurrency wallets vulnerable to data theft, according to a newly published report by the Microsoft Defender Security Research Team.
The flaw has allowed malicious applications to bypass Android's core security sandbox.
The scope of the threat
The vulnerability has affected a wide range of applications. The cryptocurrency and digital wallet ecosystem bore the brunt of the exposure due to the high-value nature of the stored data.
Microsoft identified over 30 million installations of affected third-party crypto wallet applications. The total exposure exceeded 50 million installations.
If exploited, the vulnerability could have exposed Personally Identifiable Information (PII), private user credentials, and sensitive financial data stored deep within the affected app's private directories.
Fortunately, Microsoft noted that there is currently no evidence to suggest this vulnerability was ever actively exploited by threat actors in the wild.
The "intent redirection" flaw
The EngageLab SDK is a tool utilized by developers to manage push notifications and real-time in-app messaging. The security flaw was traced to a specific component (MTCommonActivity) that was automatically added to an application's background code after the build process.
Because this component was broadly exported, it became accessible to other applications installed on the same Android device.
A malicious app installed on the same device could craft a manipulated message (an "intent") and send it to the vulnerable crypto wallet app.
The wallet app would process this intent using its own trusted identity and permissions.
This tricked the wallet into granting the malicious app persistent read and write access to its private data directories.
Swift action was taken across the Android ecosystem to mitigate the threat.
Q&A
What is the Android vulnerability affecting crypto wallets?
The vulnerability is a flaw in a popular third-party Android SDK that allows malicious applications to bypass Android's core security sandbox, exposing cryptocurrency wallets to data theft.
How many cryptocurrency wallets are affected by the Android vulnerability?
Over 30 million installations of affected third-party crypto wallet applications are at risk, with total exposure exceeding 50 million installations.
Who reported the Android vulnerability that impacts crypto wallets?
The vulnerability was reported by the Microsoft Defender Security Research Team in a newly published report.
