I don't know if this topic has been opened before, but I didn't find it, and in the absence of a similar topic, I present to you this update. It is a cyber attack called the "Zero Click exploit", used by scammers to steal vital information from the device of its victim. It can steal your Bitcoin wallet seed phrase or private key without you even detecting it. You will only realize that your wallet has been emptied and all the Bitcoin in your wallet is gone.
The way it enters a victim's computer or mobile device can be unknown to that victim because it can pass through some of the trusted applications or files that the person has on their device. As long as any of the victim's devices has an application that is vulnerable to the attack, it will use the opportunity to pass the malware code into the application that you have on your phone.
So, it doesn't really require you to click any external malicious link before you are attacked with this zero click exploit. The attackers that are using this exploit can find a loophole in a popular site that you frequently visit, then they will upload a malicious file on the web server (like a web shell), and when you go to the website to download either a file, image or application and you install it, the malware automatically installs itself too without your attention or permission.
As described by the source, even when you click to open a Word document, it can lead to a zero click attack. This zero click attack can use the vulnerability of other documents to install itself on your device without you knowing, and when you willingly open the file, picture or application, the attacker takes control of your device.
Messaging and voice calling apps are liable to this zero click exploit attack because those apps parse and receive data from unknown sources, and with code that is hidden inside the communication, it can lead to a vulnerability.
The source also explains that these zero click attacks can install, uninstall and delete themselves without leaving any trace behind.
I learned that you should be very careful with those kinds of applications that want you to allow them access to certain permissions on your device. For example, some applications will ask you to allow permission for the camera, voice recording, reading and sending text messages, etc. When you unknowingly have this attack on your computer or phone, it can read your password and collect your seed phrase or private keys without your consent.
To be safe, always take the following precautions:
1. Always update the applications on your device to the latest version, because if you are using an old version, it puts you at risk of patch exploit.
2. Also update your device version once it is released.
3. Download applications that are created by trusted companies and only from official stores.
4. For those using mobile devices, always treat your phones and tablets like a computer by restarting the phone within every 24 hours; such action could easily override such attacks.
5. Also, delete old applications that are no longer needed or the ones you don't use often.
6. Use two-factor authentication on platforms that you are using for your financial transactions.
"Zero-click attacks are so dangerous because they exploit invisible vulnerabilities within our devices. One well-known example discovered in September 2021 was the Pegasus malware, which allowed hackers to turn iPhones, iPads, MacBooks, and Apple Watches into listening devices via code hidden in a PDF file. However, once the threat was discovered, Apple released a patch that stopped this avenue of attack."
https://www.packetlabs.net/posts/what-are-zero-click-attacks-and-how-can-you-protect-against-them/