The next generation of Android malware could use a technique called 'pixnapping,' which was recently discovered by a group of researchers from UC Berkeley and other institutions. Prior research from 2013 showed that a malicious website could snatch the pixels from your screen. It's not exactly a screenshot, but it might as well be. According to the University of Hawaiʻi–West Oʻahu report, which summarizes the 2013 paper along with five new papers from 2025, "[B]y measuring each pixel's rendering time, an attacker can deduce the pixels of an unknown image. A malicious site could load a website that a victim is using and recreate the image pixel by pixel. The copy that the hacker recreates is not always perfect, but it is close enough to determine what the image is."

This research was recently iterated upon, revealing that a currently known side-channel vulnerability present in even the latest Android devices, like the Samsung Galaxy S25 Ultra, provides a new attack pathway. In this version of the attack, a malicious app replaces the malicious website used in the original research. Unknown to the user, the app chugs away in the background, able to exfiltrate information from any app the user has open on their screen. Researchers were able to steal two-factor authentication codes from Google Authenticator, details of Venmo accounts, and even messages from encrypted messaging apps, including Signal. In other words, anything on your screen is up for grabs.

The good news is that researchers have not released the source code for this attack (for obvious reasons), and there are no known examples of real attacks using this method. The bad news? There is no known method to stop a pixnapping attack. However, basic precautions can keep you safe.