Google has only partially mitigated the attack, which involves using a malicious Android app to secretly discern the two-factor codes generated by authenticator apps.

Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, ...

Pixnapping was performed on five devices running Android versions 13 to 16: the Google Pixel 6, Google Pixel 7, Google Pixel 8, Google Pixel 9, and Samsung Galaxy S25. However, it is possible that ...

Researchers say that in the case of Google Authenticator, the Pixnapping vulnerability allows attackers to steal critical 2FA ...

It allows a malicious Android application to access and leak information displayed in other Android apps or on websites. It ...

New Android exploit “Pixnapping” can secretly read on-screen data like 2FA codes and messages using pixel timing — even ...

Pixnapping side-channel can steal 2FA codes pixel-by-pixel on Android 13–16; CVE-2025-48561 patched Sept 2025 but workaround ...

Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, ...

You can move Google Authenticator to a new phone so that your new device can gain an additional level of security through two ...

Android users are facing a serious new threat despite Google's efforts to patch the vulnerability, according to a research ...

Pixnapping: a no-permissions Android attack timing GPU renders to steal on-screen data like 2FA codes; Google shipped a ...