• Margot Robbie@lemmy.worldOPM
    link
    fedilink
    English
    arrow-up
    11
    ·
    1 year ago

    A bunch of malicious crypto apps with hidden malware that overlays over legitimate crypto wallets to steal credentials. Technique looks very sophisticated based on the article’s breakdown.

    • kvothelu@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      you have to specifically give permission to overlay. I never give overlay permission even to most popular apps.

      • Margot Robbie@lemmy.worldOPM
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        It seems like they ask for accessibility permissions first, and exploits that to automatically click “accept” and grant itself other permissions, which I assume overlay is one of them.

        • ngwoo@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          This dumb shit is why Google keeps crippling the accessibility API more and more. Idiots need to stop clicking on stuff just because the app asks them to.