Google has only partially mitigated the attack, which involves using a malicious Android app to secretly discern the two-factor codes generated by authenticator apps.

Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, ...

Pixnapping was performed on five devices running Android versions 13 to 16: the Google Pixel 6, Google Pixel 7, Google Pixel 8, Google Pixel 9, and Samsung Galaxy S25. However, it is possible that ...

Researchers say that in the case of Google Authenticator, the Pixnapping vulnerability allows attackers to steal critical 2FA ...

Pixnapping side-channel can steal 2FA codes pixel-by-pixel on Android 13–16; CVE-2025-48561 patched Sept 2025 but workaround ...

It allows a malicious Android application to access and leak information displayed in other Android apps or on websites. It ...

New Android exploit “Pixnapping” can secretly read on-screen data like 2FA codes and messages using pixel timing — even ...

Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, ...

A new side-channel attack called Pixnapping enables a malicious Android app with no permissions to extract sensitive data by ...

Android users are facing a serious new threat despite Google's efforts to patch the vulnerability, according to a research ...

Google is adding two major updates to Android's Messages app. Starting now, Android Key Verifier is available to all Android ...

Pixnapping: a no-permissions Android attack timing GPU renders to steal on-screen data like 2FA codes; Google shipped a ...