- Cryptocurrency wallet-targeting Malware discovered on iOS App Store for the first time, affecting multiple applications.
- SparkCat malware campaign has infected apps with over 242,000 combined downloads on Google Play Store.
- Malicious apps use OCR technology to scan device galleries for cryptocurrency wallet recovery phrases.
- Affected applications include legitimate-appearing food delivery services and AI messaging apps.
- Apple‘s App Store review process shows vulnerability despite claimed security measures.
A sophisticated malware campaign dubbed “SparkCat” has breached both Apple‘s App Store and Google Play Store security measures, targeting cryptocurrency users’ wallet recovery phrases through seemingly legitimate applications, security researchers at Kaspersky revealed today.
The campaign, active since March 2024, represents the first documented case of crypto-stealing malware successfully infiltrating Apple‘s typically stringent App Store ecosystem. Among the compromised applications, an Indonesian food delivery app called ComeCome accumulated over 10,000 downloads before detection.
The malware operates through a concealed SDK framework that employs optical character recognition (OCR) technology to scan users’ photo galleries for specific keywords related to cryptocurrency wallets. “What makes this Trojan particularly dangerous is that there’s no indication of a malicious implant hidden within the app,” Kaspersky researchers noted in their detailed analysis.
On the Google Play Store front, the impact appears more severe, with infected applications amassing over 242,000 downloads collectively. This breach occurs despite Google‘s recent efforts to enhance security, which resulted in blocking more than 2 million risky applications in 2024 alone.
Security experts recommend immediate removal of affected applications and advise against storing sensitive information in device galleries. Instead, users should employ secure password managers for storing critical credentials. For comprehensive device protection, experts suggest installing reputable antivirus software.
The emergence of SparkCat malware highlights an evolving threat landscape where cybercriminals increasingly target cryptocurrency assets through sophisticated social engineering and malware distribution techniques. Users should exercise heightened caution when downloading applications, particularly those requesting extensive device permissions or access to sensitive data.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- New Lead in Satoshi Mystery: Bitcoin Creator May Have Left Digital Footprints at Canadian Exchange
- Coinbase Legal Chief Testifies Before Congress on Regulatory Barriers Between Banks and Crypto
- AI Token Market Plunges: Leading Projects See Up to 90% Drop from 2024 Peak
- Trump’s Truth Platform Unveils Six New Financial Products Including ETFs and SMAs
- Tron’s Justin Sun Sues David Geffen Over $78M Giacometti Sculpture Dispute
