 "Several iOS and Android apps infected with malware that steals crypto info, 'reads' screenshots")
A newly uncovered malware campaign is making waves by targeting cryptocurrency users on both iOS and Android platforms. Security experts at Kaspersky have identified a malicious software development kit (SDK) named SparkCat that has been embedded in several apps across the Apple App Store and Google Play. This malware is designed to steal sensitive cryptocurrency wallet recovery phrases by using optical character recognition (OCR) technology to scan screenshots stored on users’ devices.
SparkCat’s stealthy nature is concerning because it has bypassed stringent app store reviews, infecting apps that seemed completely legitimate. One of the first infected apps discovered was a food delivery service called ComeCome, available in the UAE and Indonesia. Meanwhile, the Android versions of these infected apps have been downloaded over 242,000 times.
Sneaky malware with advanced capabilities
Unlike traditional malware that spreads through unofficial app stores, SparkCat managed to infiltrate major app stores. Once installed, it silently scans users’ photo galleries for wallet recovery phrases. This sensitive data is then uploaded to a command-and-control (C2) server controlled by attackers, enabling them to gain full access to crypto funds remotely.
The malware uses a custom protocol built in Rust, which is rarely seen in mobile apps, adding another layer of sophistication. Apps compromised by SparkCat include seemingly harmless ones, such as food delivery services and AI-powered messaging platforms. Researchers revealed that SparkCat has been active since at least March 2024, but Apple and Google have not disclosed the full list of infected apps, leaving many users unaware of the threat on their devices.
What to do if you’re at risk
Apple and Google have removed most infected apps, but security experts caution that some might still be available through sideloading or other third-party sources. If you suspect you’ve installed one of these apps, it’s crucial to take action immediately. Deleting suspicious apps and thoroughly scanning your device can help mitigate the risk. Users are also advised to check their crypto wallets for any signs of unauthorised access.
To protect your assets, avoid storing recovery phrases in screenshots or photos, as attackers can easily extract this information using malware like SparkCat. If you believe your wallet has been compromised, transfer your funds to a new wallet with a fresh recovery phrase. However, only do so after ensuring your device is clean from malware. Resetting app permissions, clearing cached data, and reinstalling apps only from trusted sources are also recommended steps to minimise future risks.
Staying secure in a digital age
With advanced threats like SparkCat making their way into trusted app stores, staying vigilant is more important than ever. Regularly updating your apps, using mobile security tools, and avoiding suspicious downloads can go a long way in keeping your crypto investments safe. As technology evolves, so do the methods used by attackers, making it essential to stay one step ahead in securing your digital assets.
 "Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?")
 "As Russia pushes east, Ukraine faces mounting pressure to defend its heartland")
 "Why Mossad was not on board with Israel’s strike on Hamas in Qatar")
 "Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe")
 "Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?")
 "As Russia pushes east, Ukraine faces mounting pressure to defend its heartland")
 "Why Mossad was not on board with Israel’s strike on Hamas in Qatar")
 "Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe")
