New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys


Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat dubbed SpyAgent.

The malware "targets mnemonic keys by scanning for images on your device that might contain them," McAfee Labs researcher SangRyol Ryu said in an analysis, adding the targeting footprint has broadened in scope to include the U.K.

The campaign makes use of bogus Android apps that are disguised as seemingly legitimate banking, government facilities, streaming, and utility apps in an attempt to trick users into installing them. As many as 280 fake applications have been detected since the start of the year.

It all starts with SMS messages bearing booby-trapped links that urge users to download the apps in question in the form of APK files hosted on deceptive sites. Once installed, they are designed to request intrusive permissions to collect data from the devices.

This includes contacts, SMS messages, photos, and other device information, all of which is then exfiltrated to an external server under the threat actor's control.

The most notable feature is its ability to leverage optical character recognition (OCR) to steal mnemonic keys, which refer to a recovery or seed phrase that allows users to regain access to their cryptocurrency wallets.
