SparkCat Crypto Stealer Malware Infected Multiple Apps on Play Store, App Store
This is the first time that apps with cryptocurrency stealing malware have been detected on Apple's App Store.
- A crypto stealer malware infected 28 apps for iOS and Android smartphones
- The apps would detect wallet recovery phrases using OCR technology
- The SparkCat malware was detected on both the App Store and Play Store
Recovery phrases can be used to gain access to crypto wallets
Photo Credit: Pexels/ Alesia Kozik
Several apps on the App Store and Google Play store were found to be infected with a crypto stealer malware by security researchers at Kaspersky. These applications reportedly included a malicious software development kit (SDK) that was designed to use optical character recognition (OCR) to steal "crypto wallet recovery phrases" from screenshots stored on a user's smartphone. It's also worth noting that this is the first time that apps with cryptocurrency stealing malware have been detected on Apple's App Store.
SparkCat Infected Apps Detected Crypto Wallet Recovery Phrases Stored Using Screenshots
In a detailed technical report published on Thursday, the researchers said that at least 18 Android applications were infected with the malicious SparkCat SDK, while the malicious framework was found in 10 iOS apps on the App Store. The cumulative download count on Android smartphones was over 2.42 lakh, according to the researchers.
Two of the infected apps on the Play Store (left) and App Store
Photo Credit: Kaspersky
Some of the infected applications appeared to be legitimate, while others (specifically messaging apps equipped with AI features) were published in order to tempt users to download the compromised application, as per the report. Meanwhile, Kaspersky said that some of the infected Android apps were still available to download via the Play Store at the time of publishing its report.
However, the researchers say that they cannot confirm whether the apps were infected by the developers on purpose, or whether they were impacted by a supply chain attack. Apple and Google have yet to publicly comment on the detection of these apps on their respective app stores.
Once installed on a user's device, these malicious apps would use a OCR technology to detect and extract text from images stored on the handset. Once the app detects a recovery phrase for a cryptocurrency wallet, it would upload the picture to an Amazon cloud server and send a message to the attacker's server to notify them when a recovery phrase is detected.
- You Should Delete These 15 'SpyLoan' Apps From Your Android Phone Today
- ToxicPanda Android Trojan Infects Over 1,500 Phones, Targets 16 Banks
- Fake CAPTCHA Pages Are Being Used to Hack Into Your Computer
- Google Might Soon Let You 'Rescan' Flagged Apps on Your Android Phone
- Telegram Vulnerability Lets Hackers Send Malware as Videos: Report
- How Hackers Are Using a Bot to Target Indians in WhatsApp e-Challan Scam
While Google and Apple have removed most of the apps detected by Kaspersky, users who have downloaded them will need to manually uninstall these applications. Meanwhile, it's worth storing recovery phrases for crypto wallets and accounts in a password manager, or an application that stores encrypted notes. This is considerably safer than keeping screenshots that are easily accessible to apps that have been granted the 'storage' or 'camera roll' permission.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.