A critical vulnerability in the widely used Android library EngageSDK has exposed over 30 million cryptocurrency wallet users to potential financial theft and data breaches. This flaw, identified as an intent redirection vulnerability, permits malicious applications on the same device to bypass Android’s security measures, granting unauthorized access to sensitive user information.
Understanding the Impact of the Vulnerability
EngageSDK, developed by EngageLab, is a third-party software development kit (SDK) that enables developers to integrate push notifications and real-time messaging into their Android apps. Because the flaw sits in the SDK itself, it poses significant risks: it affects not just individual apps but all applications built on this platform. The Microsoft Defender Security Research Team discovered it during routine checks, uncovering a vulnerability within an exported activity known as MTCommonActivity.
This activity is inadvertently included in an app’s merged Android manifest during the build process, making it accessible to other applications on the same device. This widespread exposure has affected over 50 million installations, including crypto wallet apps, heightening the potential for unauthorized data access and exploitation.
Discovery and Resolution Timeline
Microsoft’s team first detected the vulnerability in version 4.5.4 of the EngageLab SDK in April 2025. Following standard Coordinated Vulnerability Disclosure (CVD) protocols, the issue was reported to EngageLab, and subsequently to the Android Security Team in May 2025. EngageLab addressed the flaw by releasing version 5.2.1 in November 2025, which rectified the issue by setting the vulnerable activity to non-exported.
Importantly, all apps utilizing the compromised versions were removed from the Google Play Store, and there is currently no confirmed evidence of the flaw being exploited in active cyberattacks.
Mechanics of Intent Redirection Attacks
The technique of intent redirection involves an attacker manipulating messages, or ‘intents’, sent by a trusted application, resulting in harmful outcomes. On Android, intents facilitate communication between apps and their components. Malicious actors exploit this by sending a crafted URI to the exposed MTCommonActivity, which processes the intent using the trusted app’s permissions, granting unauthorized access to sensitive data.
Developers are urged to upgrade to EngageLab SDK version 5.2.1 or newer and diligently inspect merged Android manifests for unexpected permissions. Users of previously vulnerable apps are protected through automatic Android mitigations while developers complete necessary updates.
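The manifest inspection recommended above can be automated. The following Python sketch is an added example, not code from Microsoft or EngageLab: it lists components in a merged manifest that are exported from outside the app's own package with no permission guard. The package names `com.example.wallet` and `com.example.sdk` and the sample manifest are constructed placeholders; the page does not give the activity's full class name.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample of a merged manifest; all package names are hypothetical.
SAMPLE_MERGED_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallet">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name="com.example.sdk.MTCommonActivity" android:exported="true"/>
    <activity android:name="com.example.wallet.SettingsActivity" android:exported="false"/>
    <receiver android:name="com.example.sdk.PushReceiver">
      <intent-filter><action android:name="com.example.sdk.PUSH"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def exported_components(manifest_xml, own_package):
    """Return (tag, class name, permission, third_party) for each exported component."""
    findings = []
    for comp in ET.fromstring(manifest_xml).iter():
        if comp.tag not in COMPONENT_TAGS:
            continue
        exported = comp.get(A + "exported")
        if exported is None:
            # With no explicit attribute (allowed when targeting below Android 12),
            # a component that declares an intent filter is exported by default.
            exported = "true" if comp.find("intent-filter") is not None else "false"
        if exported != "true":
            continue
        name = comp.get(A + "name", "")
        if name.startswith("."):  # relative class name, resolve against the app package
            name = own_package + name
        third_party = not name.startswith(own_package + ".")
        findings.append((comp.tag, name, comp.get(A + "permission"), third_party))
    return findings

def unexpected_exports(manifest_xml, own_package):
    """Exported components contributed by libraries and not guarded by a permission."""
    return [f for f in exported_components(manifest_xml, own_package)
            if f[3] and f[2] is None]

if __name__ == "__main__":
    for tag, name, _, _ in unexpected_exports(SAMPLE_MERGED_MANIFEST, "com.example.wallet"):
        print(f"review: exported <{tag}> {name} comes from a dependency")
```

Run it against the merged manifest your build produces rather than the source manifest, since library-contributed components only appear after the merge.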
