CYFIRMA Research- SeedSnatcher: Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases

Update: 2025-12-18

Description

Mobile Threat Alert: Crypto Mnemonic Phrase Stealer

SeedSnatcher is a newly uncovered Android malware family targeting the crypto ecosystem, built to steal users’ mnemonic recovery phrases using a sophisticated DisplayOverlay attack

Capabilities:

Intercepts and exfiltrates seed phrases and private keys from major cryptocurrency wallets
Presents deceptive wallet-import screens to lure users into entering their recovery phrases
Communicates with its command-and-control servers via encrypted WebSocket channels

Additional Capabilities:

Access device files and media
Read SMS content and monitor messages
Retrieve call logs and contact lists
Collect device identifiers, network data, and app details
Exfiltrate collected information to the C2 over encrypted channels

Link to the Research Report: SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases - CYFIRMA

#CyberSecurity #MobileSecurity #AndroidMalware #CryptoSecurity #ThreatIntelligence #SeedSnatcher #ThreatAlert #CYFIRMA #CYFIRMAresearch#ExternalThreatLandscapeManagement #ETLM

https://www.cyfirma.com/

Comments

In Channel

CYFIRMA Research- SeedSnatcher: Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases

2025-12-1804:16

CYFIRMA Research- RTO Challan Fraud A Technical Report on APK-Based Financial and Identity Theft

2025-12-1607:17

CYFIRMA Research- Tracking Ransomware – November 2025

2025-12-1205:17

CYFIRMA Research- APT36 Python Based ELF Malware Targeting Indian Government Entities

2025-12-1104:46

CYFIRMA Research: North Korean Cyber Crime as a Statecraft Tool

2025-12-0907:08

CYFIRMA Research: Rising Cybercrime During Black Friday & Cyber Monday- A 2025 Threat Intelligence Report

2025-12-0108:05

CYFIRMA Research: Tycoon 2FA- A Technical Analysis of its Adversary-in-the-Middle Phishing Operation

2025-11-2703:21

CYFIRMA Research- Pig Butchering Scams: Cybercrime Threat Intelligence

2025-11-2107:51

CYFIRMA Research- Regional Stability on Shaky Ground: Cyber Threat Escalation in the Middle East

2025-11-1407:15

CYFIRMA Research- Telemetry Relay: When Diagnostics Turn Against You

2025-11-1106:07

CYFIRMA Research- Tracking Ransomware: October 2025

2025-11-1003:19

CYFIRMA Research: Android/BankBot- YNRK Mobile Banking Trojan

2025-11-0403:50

CYFIRMA Research- GhostGrab Android Malware

2025-11-0305:17

Cyfirma Research- CVE-2025-6541: TP-Link Omada Gateway Remote Command Injection Vulnerability Analysis

2025-10-3104:51

CYFIRMA Research: DPRK Sanctions Violations in Cyber Operations Post-UN Panel Demise

2025-10-1305:49

CYFIRMA Research- Tracking Ransomware: September 2025

2025-10-0704:11

CYFIRMA Research: Yurei Ransomware- The Digital Ghost

2025-10-0606:14

CYFIRMA Research- DeerStealer Malware Campaign: Stealth, Persistence, and Rootkit-Like Capabilities

2025-09-2203:30

CYFIRMA Research- Defence Industry Threat Report

2025-09-1906:04

CYFIRMA Research: Unmasking a Python Stealer- XillenStealer

2025-09-1706:18

00:00

CYFIRMA Research- SeedSnatcher: Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases

#box-pro-ellipsis-176612815023989{-webkit-line-clamp:2;}CYFIRMA Research- SeedSnatcher: Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases

CYFIRMA Research- SeedSnatcher: Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases

CYFIRMA

CYFIRMA Research- SeedSnatcher: Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases