Close Menu
    What's Hot

    20+ Hijacked Government Websites Became
an Attack Channel

    Truth Social is selling real-time access to posts that could move the markets

    Opinion | The Left Needs to Reclaim Its Optimism

    Facebook X (Twitter) Instagram
    Trending
    • 20+ Hijacked Government Websites Became
an Attack Channel
    • Truth Social is selling real-time access to posts that could move the markets
    • Opinion | The Left Needs to Reclaim Its Optimism
    • Warnock and Ossoff, Georgia’s Senators, Ridicule Trump’s Election Fraud Claims
    • PBF Energy: Refining Boom Appears Stronger Than Ever (NYSE:PBF)
    • Celtic transfer news: Scottish Premiership champions struggling to compete in market, meeting notes reveal | Football News
    • Why Apple Sued OpenAI, New York Takes on Data Centers, and What to Know about Cyclosporiasis
    • Elbridge Colby Exposes Trump’s America First Contradiction
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

    adminBy adminApril 9, 2026No Comments2 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Ravie LakshmananApr 09, 2026Vulnerability / Mobile Security

    EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

    Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk.

    “This flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private data,” the Microsoft Defender Security Research Team said in a report published today.

    EngageLab SDK offers a push notification service, which, according to its website, is designed to deliver “timely notifications” based on user behavior already tracked by developers. Once integrated into an app, the SDK offers a way to send personalized notifications and drive real-time engagement.

    Cybersecurity

    The tech giant said a significant number of apps using the SDK are part of the cryptocurrency and digital wallet ecosystem, and that the affected wallet apps accounted for more than 30 million installations. When non‑wallet apps built on the same SDK are included, the installation count surpasses 50 million.

    Microsoft did not reveal the names of the apps, but noted that all those detected apps using vulnerable versions of the SDK have been removed from the Google Play Store. Following responsible disclosure in April 2025, EngageLab released version 5.2.1 in November 2025 to address the vulnerability.

    The issue, identified in version 4.5.4, has been described as an intent redirection vulnerability. Intents in Android refer to messaging objects that are used to request an action from another app component.

    Intent redirection occurs when the contents of an intent that a vulnerable app sends are manipulated by taking advantage of its trusted context (i.e., permissions) to gain unauthorized access to protected components, expose sensitive data, or escalate privileges within the Android environment.

    An attacker could exploit this vulnerability by means of a malicious app installed on the device through some other means to access internal directories associated with an app that has the SDK integrated, resulting in unauthorized access to sensitive data.

    Cybersecurity

    There is no evidence that the vulnerability was ever exploited in a malicious context. That said, developers who integrate the SDK are recommended to update to the latest version as soon as possible, especially given that even trivial flaws in upstream libraries can have cascading impacts and impact millions of devices.

    “This case shows how weaknesses in third‑party SDKs can have large‑scale security implications, especially in high‑value sectors like digital asset management,” Microsoft said. “Apps increasingly rely on third‑party SDKs, creating large and often opaque supply‑chain dependencies. These risks increase when integrations expose exported components or rely on trust assumptions that aren’t validated across app boundaries.”

    30M 50m Android Crypto EngageLab Exposed flaw including SDK users wallets
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleFans Will Soon Get to Go Inside David Bowie’s Childhood…
    Next Article Florida AG announces investigation into OpenAI over shooting that allegedly involved ChatGPT
    admin
    • Website

    Related Posts

    20+ Hijacked Government Websites Became
an Attack Channel

    July 16, 2026

    New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password

    July 16, 2026

    Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

    July 16, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    20+ Hijacked Government Websites Became
an Attack Channel

    Truth Social is selling real-time access to posts that could move the markets

    Opinion | The Left Needs to Reclaim Its Optimism

    Warnock and Ossoff, Georgia’s Senators, Ridicule Trump’s Election Fraud Claims

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by