EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

2026-04-09

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

Microsoft Defender researchers disclosed a now-patched intent redirection vulnerability in EngageLab SDK that exposed over 50 million Android users, including 30 million cryptocurrency wallet users.

•The flaw existed in EngageLab SDK version 4.5.4, a push notification SDK integrated into many Android apps.
•The vulnerability allowed apps on the same device to bypass Android's security sandbox and access private data of other apps using the SDK.
•An attacker could exploit this via a malicious app installed on the device to access internal directories of vulnerable apps.
•Cryptocurrency and digital wallet apps accounted for over 30 million of the 50 million+ affected installations.
•EngageLab released version 5.2.1 in November 2025 following responsible disclosure in April 2025; all affected apps have been removed from Google Play.

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Guardrails at the gateway: Securing AI inference on GKE with Model Armor

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region