Researchers have demonstrated a new type of malware attack that can steal sensitive information from Android devices—including Google and Samsung phones—without the knowledge or action of the target user.
This process can repeat for as long as it takes to scan the stolen pixels and pull the original information from them, all without you knowing it's happening. Researchers compare the process to taking screenshots of screen contents the malware should not have access to.
Researchers demonstrated these Pixnapping attacks on Google and Samsung phones, including the Pixel 6, Pixel 7, Pixel 8, Pixel 9, and Galaxy S25. These phones were running Android 13, 14, 15, and 16. Researchers say they aren't sure if other types of Android devices are affected by this attack, though the "core mechanisms" involved are usually present in all Android devices. Different Pixel devices had different rates of success in the 2FA hack (73%, 53%, 29%, and 53% for the Pixel 6, 7, 8, and 9, respectively), though researchers could not obtain 2FA codes on the Galaxy S25 within the 30 second timeline before the codes refreshed.
According to the findings, Google has tried to patch Pixnapping, but researchers were able to workaround this patch in demonstrated attacks. The vulnerability is currently tracked as CVE-2025-48561. Google is working on a new patch for the December Android security builtin.
How to protect yourself from Pixnapping
The first thing to do to protect yourself is to make sure you're running the latest security patches on your Android device. While Google is still working on a subsequent Pixnapping patch, there is a patch in existence. Make sure you install it on your phone by heading to System > Software updates.
Next, be cautious with the apps you download on your device. Always try to download apps from trusted and verified marketplaces, as it's much more difficult for bad actors to hide malware on apps distributed through these stores. Even when you download apps on something like the Google Play Store, investigate the app thoroughly: Ensure it's really the app you think it is, and it's coming from the developer that makes it. If you sideload apps, be careful with what you download, and only install apps from developers you trust.
Hence then, the article about the pixnapping attack can steal your 2fa codes was published today ( ) and is available on Live Hacker ( Middle East ) The editorial team at PressBee has edited and verified it, and it may have been modified, fully republished, or quoted. You can read and follow the updates of this news or article from its original source.
Read More Details
Finally We wish PressBee provided you with enough information of ( The ‘Pixnapping’ Attack Can Steal Your 2FA Codes )
Also on site :