A new kind of cyber threat is making headlines, and it is called "Pixnapping". Researchers from the University of California (Berkeley and San Diego), the University of Washington and Carnegie Mellon University have shown how a malicious Android app can steal sensitive data by reading the pixels on your screen. The researchers' paper is the authoritative write-up of the attack.
A pixel is one of the tiny coloured dots that make up your device's display. The researchers built a framework that recovers those pixels one at a time and reconstructs what they show: a message, a map, a code. Because the attack works at the Android level rather than inside the browser, the protections browsers have added against pixel-stealing do not stop it. It can grab data from popular apps like Google Maps, Signal and Venmo, as well as from websites such as Gmail. Even two-factor authentication (2FA) codes shown by Google Authenticator aren't safe. So, let's go over how they do it, and more importantly, how to avoid it happening to you.
What Makes Pixnapping Dangerous
Pixnapping is a side-channel attack: it doesn't break into your software directly, but instead infers secrets from measurable side effects of the device doing normal work, in this case how long it takes to draw frames on the screen. Pixel-stealing attacks of this kind have existed for years, mostly against web browsers; this research shows how far the technique has come and that it now works against native apps on modern phones.
The researchers tested the attack on Google Pixel phones (models 6 through 9) and the Samsung Galaxy S25, and all of them were vulnerable. Google and Samsung were notified earlier in 2025. Google tracks the issue as CVE-2025-48561 and shipped a mitigation in its September 2025 Android security bulletin, but the researchers found a way around that mitigation, so a complete fix is still in progress. Only these five models were tested, and other Android devices may also be at risk.
How Pixnapping Works
Pixnapping requires deep technical knowledge of Android internals and graphics hardware. But once developed, a Pixnapping app could be disguised as something harmless and distributed just like any other piece of Android malware.
To pull off the attack, the victim must first be tricked into installing a malicious app; the app needs no special permissions. It then abuses a core Android feature called "Intents", the mechanism apps use to launch one another and pass requests, to open the target app at a screen that displays the secret. Next it stacks semi-transparent windows of its own on top of that screen and uses graphics operations on those windows to isolate one pixel of interest at a time. For each isolated pixel the app measures how long the frame takes to render. Because the GPU's work on a frame depends on the colour of the pixel underneath, the timing leaks that colour, and by repeating this for every pixel it cares about the app rebuilds the screen contents without ever being allowed to read them.
According to the researchers, this is fast enough to steal a 2FA code from Google Authenticator in under 30 seconds, which is the window during which such a code is valid. Once collected, the recovered data is sent to a remote server controlled by the attacker.
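To make the "timing leaks the colour" step concrete, here is a toy model of a pixel timing side channel. This is an added illustration, not code from the Pixnapping paper or from Google: the frame times, the noise level and the 3x5 bitmap are constructed parameters, and no Android API is touched. What it shows is the part the description above glosses over: a single frame timing is too noisy to read, so the attacker calibrates a threshold on pixels whose colour it already knows, averages many frames per pixel, and pays for that with wall-clock time, which is why the 30-second budget matters.

```python
"""Toy model of a pixel-colour timing side channel (constructed for illustration).

Not the Pixnapping code: BASE_MS, DELTA_MS, NOISE_MS and the bitmap are
made-up parameters chosen to show how noisy per-frame timings become pixel
values through calibration and averaging.
"""
import random
import statistics

FRAME_MS = 16.7   # assumption: one frame at 60 Hz
BASE_MS = 4.0     # assumption: render time when the isolated pixel is dark
DELTA_MS = 1.0    # assumption: extra render time when the pixel is bright
NOISE_MS = 0.4    # assumption: standard deviation of per-frame jitter

# Constructed 3x5 bitmap of the digit "7" (1 = bright, 0 = dark).
DIGIT_7 = [
    [1, 1, 1],
    [0, 0, 1],
    [0, 1, 0],
    [0, 1, 0],
    [0, 1, 0],
]


def render_time_ms(pixel_is_bright, rng):
    """One noisy frame timing whose mean depends only on the pixel's colour."""
    return BASE_MS + (DELTA_MS if pixel_is_bright else 0.0) + rng.gauss(0.0, NOISE_MS)


def measure_pixel(pixel_is_bright, samples, rng):
    """Attacker's view: the average of `samples` frames of the same isolated pixel."""
    return statistics.fmean(render_time_ms(pixel_is_bright, rng) for _ in range(samples))


def calibrate(samples, rng):
    """The attacker times pixels whose colour it already knows (its own window)
    to learn the timing of each class; the decision threshold is the midpoint."""
    dark = measure_pixel(False, samples, rng)
    bright = measure_pixel(True, samples, rng)
    return (dark + bright) / 2.0


def recover_bitmap(secret, samples, rng):
    """Classify every pixel of `secret` from timings alone, never from its value."""
    threshold = calibrate(samples, rng)
    return [[1 if measure_pixel(bool(px), samples, rng) > threshold else 0 for px in row]
            for row in secret]


def time_budget_seconds(n_pixels, samples, frame_ms=FRAME_MS):
    """Wall-clock cost if one isolated pixel is timed per frame."""
    return n_pixels * samples * frame_ms / 1000.0


def demo(samples=25, seed=1):
    """Returns (recovered bitmap matches the secret, seconds spent) for the toy digit."""
    rng = random.Random(seed)
    recovered = recover_bitmap(DIGIT_7, samples, rng)
    n_pixels = sum(len(row) for row in DIGIT_7)
    return recovered == DIGIT_7, time_budget_seconds(n_pixels, samples)


if __name__ == "__main__":
    ok, seconds = demo()
    print(f"recovered correctly: {ok}; {seconds:.1f} s spent on 15 pixels")
```

With these parameters 25 frames per pixel separate the two classes by about five standard deviations, so the 15-pixel digit is recovered correctly, but it costs roughly 6 seconds of screen time; scaling that to the pixels needed for six real digits is exactly the trade-off between accuracy and the validity window that the researchers had to win. Lowering `samples` or raising `NOISE_MS` shows the recovery start to fail, which is also why noisier devices are harder targets.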
How to Stay Safe
While Pixnapping isn’t something the average user will encounter often, it’s a good reminder to keep your device secure. Here’s how to protect yourself:
Update regularly: Keep your device and apps up to date. Google and Samsung are rolling out fixes, so don’t skip update prompts.
Be cautious when installing apps: Only download apps from trusted sources like Google Play. Check permissions and reviews before installing anything.
Review app permissions: Make it a habit to check what access your apps have, and remove permissions they don't need, especially for apps you rarely use. Bear in mind that a Pixnapping app needs no special permissions, so a short permission list is not proof that an app is safe; this habit protects you against other malware rather than against Pixnapping itself.
Handle sensitive info carefully: Avoid leaving sensitive data like 2FA codes, logins, or addresses open on your screen for long periods. Pixnapping can open the target app on its own, so this is general hygiene rather than a specific defence, but it limits what an attacker who is already watching can collect.
Stay informed: Keep an eye on announcements from Google and Samsung about security patches related to this issue.
Enable Play Protect: Ensure Google Play Protect is active to help detect and block malicious apps.
Use reliable anti-malware protection: Run up-to-date, real-time anti-malware software with web protection enabled on your Android device.
We hope you’ve liked this blog. Stay tuned for more blogs like this. Stay safe!