Protect Your Crypto: New Trojan Found in Apps

Cybersecurity experts at Kaspersky have uncovered a new malware called SparkCat, a dangerous Trojan that steals cryptocurrency wallet recovery phrases and other sensitive data from users’ smartphones. This malware has been active in Google Play and the AppStore since at least March 2024, making it the first known malware using Optical Character Recognition (OCR) technology to appear in Apple’s AppStore.

SparkCat is highly sophisticated, using machine learning to scan image galleries on infected devices, searching for recovery phrases, passwords, and other private details stored in screenshots. Once found, it sends this data to hackers, allowing them to steal funds from cryptocurrency wallets.

📢 Kaspersky has reported the infected apps to Apple and Google, but many users may still be at risk!


📡 How Does SparkCat Spread?

This malware is spreading through both legitimate apps and fake lure applications. Some of these apps are still available in Google Play and the AppStore, while others are being distributed through third-party sources.

According to Kaspersky’s research, SparkCat-infected apps have already been downloaded over 242,000 times from Google Play alone.

Examples of Infected Apps:

  • Legitimate Apps: Some food delivery apps like “ComeCome” were found to be infected.

  • Fake Lure Apps: Some messaging apps and AI assistants were designed to trick users into installing them.

🎯 Who Is Being Targeted?

SparkCat appears to be targeting users in the UAE, Europe, and Asia. Kaspersky researchers analyzed infected apps and found that the malware scans images for keywords in multiple languages, including:

–> English, Chinese, Japanese, Korean, French, Italian, Polish, Portuguese, Czech

While most victims appear to be in these regions, cybersecurity experts warn that anyone worldwide could be affected.


🔍 How Does SparkCat Work?

Once installed, SparkCat asks for permission to access your photo gallery. This may seem like a normal request, especially in apps like food delivery or messaging services. However, once granted access, SparkCat does the following:

1️⃣ Scans your image gallery for stored text using OCR (Optical Character Recognition) technology.
2️⃣ Identifies recovery phrases, passwords, or sensitive messages in images.
3️⃣ Sends the stolen data to the hackers.
4️⃣ The attackers then use this information to access cryptocurrency wallets and steal funds.

💡 Why is this Trojan dangerous?

  • It operates silently in the background, making it difficult for users to detect.
  • It spreads through official app stores, which most users trust.
  • It bypasses traditional security checks by using advanced AI-powered image recognition.
  • It asks for permissions at logical moments, such as when contacting customer support, making it harder to recognize as malware.

🛡️ Who Is Behind This Attack?

Kaspersky experts analyzing the Android version of SparkCat found comments in the code written in Chinese. The iOS version contained developer home directory names like “qiongwu” and “quiwengjing”, suggesting the hackers may be fluent in Chinese. However, there is not enough evidence to link this campaign to a known cybercriminal group.


🤖 The Rise of AI-Powered Cyber Attacks

Cybercriminals are increasingly using machine learning and AI-based tools to enhance their attacks. In this case, SparkCat’s Android version decrypts and executes an OCR plugin using Google’s ML Kit library to analyze images. A similar technique is used in the iOS version.

💡 This means that hackers are evolving their methods, making cybersecurity more important than ever!


🔒 How to Protect Yourself from SparkCat

If you suspect you have downloaded an infected app, take action immediately! 🚨

✅ Remove the infected app from your phone and do not reinstall it until a security update has been released.
✅ Avoid saving sensitive screenshots that contain passwords or recovery phrases.
✅ Be cautious of apps that request access to your gallery without a clear reason.
✅ Enable security software on your device to detect and remove potential threats.
✅ Only download apps from trusted developers and check user reviews before installing.
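
One way to act on the gallery-permission advice on Android is to list every installed app that currently holds a granted photo-read permission and review any that have no clear reason for it. The script below is an added example, not code from Kaspersky or from the original article. It assumes the `Package [name]` and `permission: granted=true` line layout printed by `adb shell dumpsys package`, which can vary between Android versions, and the sample data and package names are constructed.

```python
import re
import sys

# Android permissions that let an app read images from the gallery.
GALLERY_PERMS = {
    "android.permission.READ_EXTERNAL_STORAGE",            # Android 12 and earlier
    "android.permission.READ_MEDIA_IMAGES",                # Android 13+
    "android.permission.READ_MEDIA_VISUAL_USER_SELECTED",  # Android 14+ partial access
}

# Assumed dumpsys layout: a "Package [name] (id):" header, then permission lines.
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z0-9_]+): granted=(true|false)")

def gallery_readers(dumpsys_text, allowlist=()):
    """Return {package: sorted granted gallery permissions}, skipping allowlisted packages."""
    found = {}
    current = None
    for line in dumpsys_text.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = PERM_RE.match(line)
        if m and current and m.group(2) == "true" and m.group(1) in GALLERY_PERMS:
            if current not in allowlist:
                found.setdefault(current, set()).add(m.group(1))
    return {pkg: sorted(perms) for pkg, perms in found.items()}

# Constructed sample input with hypothetical package names.
SAMPLE = """\
Packages:
  Package [com.example.fooddelivery] (1a2b3c):
    runtime permissions:
      android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET]
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]
  Package [com.example.gallery] (4d5e6f):
    runtime permissions:
      android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET]
  Package [com.example.chat] (7a8b9c):
    runtime permissions:
      android.permission.READ_EXTERNAL_STORAGE: granted=false, flags=[ USER_SET]
      android.permission.CAMERA: granted=true, flags=[ USER_SET]
"""

if __name__ == "__main__":
    # Pipe in real output: adb shell dumpsys package | python3 this_script.py <trusted packages>
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for pkg, perms in sorted(gallery_readers(text, allowlist=set(sys.argv[1:])).items()):
        print(pkg, ", ".join(perms))
```

Real output also includes system apps, so pass the packages you trust as arguments to keep the review list short. Revoke gallery access in the system settings for anything left that does not need it.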


📝 Final Thoughts

With the rise of AI-driven malware like SparkCat, mobile security is more critical than ever. The fact that this Trojan successfully infiltrated both the AppStore and Google Play highlights how advanced cyber threats are becoming.

Stay vigilant, be mindful of app permissions, and always use trusted security software to protect your digital assets. 🚀🔐

Have you encountered a suspicious app? Share your experience in the comments!

Source: Kaspersky