vulnerability • high • Mobile Security Flaw • Privilege Escalation • SDK Vulnerability

Apr 09, 2026 • The Hacker News

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs


Source: The Hacker News
Category: vulnerability
Severity: high

Executive Summary

A critical security vulnerability in the EngageLab Android SDK exposed approximately 50 million users, including 30 million cryptocurrency wallet installations, to potential data theft. The flaw, discovered by Microsoft's Defender team, allowed malicious apps on the same device to bypass Android's security sandbox protections and gain unauthorized access to private user data. The vulnerability posed significant risks to crypto wallet users as it could enable attackers to exfiltrate sensitive financial information and credentials. EngageLab has since patched the vulnerability, but users of affected applications are advised to ensure they are running the latest SDK versions. Organizations utilizing EngageLab SDK should verify their implementations are updated to mitigate this supply chain-related risk.

Summary

Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private data," the Microsoft Defender
