Critical EngageLab SDK Vulnerability Exposed Millions of Android Crypto Wallet Users
Security researchers at Microsoft Defender uncovered a severe vulnerability in the EngageLab SDK, a widely used third-party component embedded in Android applications, which posed a major risk to cryptocurrency wallet users. The flaw allowed malicious apps on the same device to bypass Android’s security sandbox, granting unauthorized access to sensitive data stored in crypto wallet apps.
The vulnerability enabled attackers to:
- Steal private keys from cryptocurrency wallets
- Extract account credentials and transaction histories
- Inject malicious code to manipulate transactions
The issue stemmed from the SDK’s improper handling of inter-app data access, effectively undermining Android’s core sandboxing protections. Given the broad adoption of the EngageLab SDK across multiple apps, the flaw had the potential to expose users across the Android ecosystem simultaneously.
Following Microsoft Defender’s disclosure, EngageLab released a patch to address the vulnerability. Developers integrating the SDK were urged to apply the fix immediately to prevent exploitation. The incident underscores the risks posed by third-party software components, particularly in applications managing high-value financial data.
EngageLab cybersecurity rating report: https://www.rankiteo.com/company/engagelab-aurora-mobile
"id": "ENG1775831471",
"linkid": "engagelab-aurora-mobile",
"type": "Vulnerability",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Millions of Android crypto '
'wallet users',
'industry': 'Software Development',
'name': 'EngageLab',
'type': 'Third-party SDK provider'}],
'attack_vector': 'Third-party SDK vulnerability',
'customer_advisories': 'Developers urged to apply the patch immediately',
'data_breach': {'data_exfiltration': 'Potential (via malicious apps)',
'personally_identifiable_information': 'Account credentials',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Private keys',
'Account credentials',
'Transaction histories']},
'description': 'Security researchers at Microsoft Defender uncovered a severe '
'vulnerability in the EngageLab SDK, a widely used third-party '
'component embedded in Android applications, which posed a '
'major risk to cryptocurrency wallet users. The flaw allowed '
'malicious apps on the same device to bypass Android’s '
'security sandbox, granting unauthorized access to sensitive '
'data stored in crypto wallet apps. The vulnerability enabled '
'attackers to steal private keys from cryptocurrency wallets, '
'extract account credentials and transaction histories, and '
'inject malicious code to manipulate transactions. The issue '
'stemmed from the SDK’s improper handling of inter-app data '
'access, undermining Android’s core sandboxing protections. '
'Given the broad adoption of the EngageLab SDK across multiple '
'apps, the flaw had the potential to expose users across the '
'Android ecosystem simultaneously. Following Microsoft '
'Defender’s disclosure, EngageLab released a patch to address '
'the vulnerability, and developers were urged to apply the fix '
'immediately.',
'impact': {'brand_reputation_impact': 'Potential reputational damage to '
'EngageLab and affected apps',
'data_compromised': 'Private keys, account credentials, '
'transaction histories',
'identity_theft_risk': 'High (due to private key and credential '
'exposure)',
'operational_impact': 'Potential unauthorized access and '
'transaction manipulation',
'payment_information_risk': 'High (due to transaction manipulation '
'risk)',
'systems_affected': 'Android applications using EngageLab SDK'},
'lessons_learned': 'Risks posed by third-party software components, '
'especially in applications managing high-value financial '
'data',
'post_incident_analysis': {'corrective_actions': 'Patch released by EngageLab',
'root_causes': 'Improper handling of inter-app '
'data access in EngageLab SDK'},
'recommendations': 'Developers should promptly apply patches for third-party '
'SDKs and conduct thorough security reviews of integrated '
'components',
'references': [{'source': 'Microsoft Defender'}],
'response': {'containment_measures': 'Patch released by EngageLab',
'remediation_measures': 'Developers urged to apply the patch '
'immediately',
'third_party_assistance': 'Microsoft Defender'},
'title': 'Critical EngageLab SDK Vulnerability Exposed Millions of Android '
'Crypto Wallet Users',
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': 'Improper handling of inter-app data access in '
'EngageLab SDK'}