Emerging Malware ‘SparkCat’ Targets Cryptocurrency Users on App Stores

05/02/25

The emergence of malicious software development kits (SDKs) targeting users on both Google Play Store and Apple App Store has raised serious concerns within the cybersecurity community. According to a recent report released by Kaspersky Labs, a particular strain of malware known as SparkCat has been identified. This malware scans users’ images for recovery phrases related to cryptocurrency wallets, aiming to drain the funds contained within those wallets.

Once SparkCat infects a device, it employs an optical character recognition (OCR) stealer to search for images containing specific keywords across various languages. Recovery phrases extracted from these images provide attackers with complete control over victims’ cryptocurrency assets. Beyond targeting recovery phrases, SparkCat is also capable of accessing other sensitive personal data stored in the device’s gallery, including message content and passwords captured in screenshots.

Kaspersky experts recommend that users refrain from storing sensitive information in screenshots or photo galleries; instead, they advise opting for password managers to enhance security. Additionally, they emphasize the importance of uninstalling any suspicious or potentially infected applications.

On Android devices, SparkCat disguises itself as a Java component called Spark, masquerading as an analytics module while pulling operational commands from an encrypted configuration file on GitLab. The malware uses Google’s ML Kit OCR technology to extract text from images, enabling attackers to load victims’ crypto wallets onto their own devices without needing the victims’ passwords.

Since its detection in March 2024, SparkCat has been downloaded approximately 242,000 times, predominantly affecting users in Europe and Asia. The malware has been found in both genuine and counterfeit applications across major app stores, utilizing rare programming languages and cross-platform capabilities that complicate its detection.

While the exact origin of SparkCat remains uncertain, Kaspersky researchers noted similarities to a prior campaign identified by ESET. The presence of comments in Chinese embedded in the code suggests that the developers may be proficient in the language, indicating a potential geographical origin for the threat.
