Rewards Hub Microsoft has disclosed a critical Android vulnerability in the EngageLab SDK that exposed 30 million crypto wallet credentials to cybercriminals. The flaw, identified by Microsoft's Defender Security Research Team in April 2025, allowed malicious apps to bypass Android's sandbox security, enabling unauthorized access to sensitive information such as crypto wallet seed phrases and addresses.
The vulnerability, affecting SDK version 4.5.4, was exploited through an "intent redirection" attack, compromising over 50 million apps. Microsoft collaborated with Google and the Android Security Team to address the issue, leading to the release of a patched SDK version 5.2.1. Users are advised to update their apps and use Google Play Protect to ensure security. Additionally, users who haven't updated since mid-2025 should transfer funds to new wallets with fresh seed phrases.
Microsoft Reveals Android Vulnerability Exposing 30M Crypto Wallets
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.