No fix yet for attack that lets hackers pluck 2FA codes from Android phones

A recently discovered vulnerability in Android devices allows hackers to stealthily extract two-factor authentication (2FA) codes, location histories, and other sensitive information in under 30 seconds. Dubbed 'Pixnapping' by the researchers behind the discovery, this alarming exploit requires users to unwittingly install a malicious application on their Android smartphones or tablets. The malicious app can operate without needing any system permissions, granting it the ability to monitor and capture data displayed on the screens of other applications. Researchers have successfully demonstrated this attack on devices such as Google Pixel phones and the Samsung Galaxy S25, suggesting that with further adjustments, it could potentially be adapted for use on various other Android models. Last month, Google rolled out certain mitigations to address this threat; however, the researchers have reported that even with these updates, a modified version of the attack is still effective. The Pixnapping process begins when the malicious application leverages Android programming interfaces to prompt targeted apps—like authenticators—to display sensitive information on the device's screen. The malicious app then performs graphical operations that allow it to capture specific pixels of interest. By exploiting a side channel, Pixnapping enables the malicious app to map those pixels to corresponding characters or symbols. According to the researchers, virtually anything visible while the target application is active can be compromised. This includes chat messages, 2FA codes, and emails, all of which remain susceptible to interception. However, any information that is stored but not displayed on the screen—such as secret keys—remains secure from this type of attack.