{"id":3176,"date":"2025-02-10T09:12:12","date_gmt":"2025-02-10T09:12:12","guid":{"rendered":"https:\/\/algodeltafx.com\/blog\/?p=3176"},"modified":"2025-02-10T09:20:16","modified_gmt":"2025-02-10T09:20:16","slug":"protect-your-crypto-new-trojan-found-in-apps","status":"publish","type":"post","link":"https:\/\/algodeltafx.com\/blog\/protect-your-crypto-new-trojan-found-in-apps\/","title":{"rendered":"Protect Your Crypto: New Trojan Found in Apps"},"content":{"rendered":"<figure class=\"wp-block-post-featured-image\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1363\" height=\"766\" src=\"https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/new-crypto-stealing-trojan-in-app-store-and-google-play.webp\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"\" style=\"object-fit:cover;\" srcset=\"https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/new-crypto-stealing-trojan-in-app-store-and-google-play.webp 1363w, https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/new-crypto-stealing-trojan-in-app-store-and-google-play-300x169.webp 300w, https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/new-crypto-stealing-trojan-in-app-store-and-google-play-1024x575.webp 1024w, https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/new-crypto-stealing-trojan-in-app-store-and-google-play-768x432.webp 768w\" sizes=\"(max-width: 1363px) 100vw, 1363px\" \/><\/figure>\n\n\n<p>Cybersecurity experts at Kaspersky have uncovered a new malware called <strong>SparkCat<\/strong>, a dangerous Trojan that steals cryptocurrency wallet recovery phrases and other sensitive data from users&#8217; smartphones. 
This malware has been active in <strong>Google Play and the AppStore<\/strong> since at least <strong>March 2024<\/strong>, making it the first known malware using <strong>Optical Character Recognition (OCR) technology<\/strong> to appear in Apple\u2019s AppStore.<\/p>\n\n\n\n<div class=\"wp-block-media-text has-media-on-the-right is-stacked-on-mobile\"><div class=\"wp-block-media-text__content\">\n<p>SparkCat is highly sophisticated, using <strong>machine learning<\/strong> to scan image galleries on infected devices, searching for recovery phrases, passwords, and other private details stored in screenshots. Once found, it sends this data to hackers, allowing them to steal funds from cryptocurrency wallets.<\/p>\n<\/div><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/spark-cat-virus-1024x576.webp\" alt=\"\" class=\"wp-image-3183 size-full\" srcset=\"https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/spark-cat-virus-1024x576.webp 1024w, https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/spark-cat-virus-300x169.webp 300w, https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/spark-cat-virus-768x432.webp 768w, https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/spark-cat-virus.webp 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n\n<p>\ud83d\udce2 <strong>Kaspersky has reported the infected apps to Apple and Google, but many users may still be at risk!<\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udce1 <strong>How Does SparkCat Spread?<\/strong><\/h2>\n\n\n\n<p>This malware is spreading through both <strong>legitimate apps<\/strong> and <strong>fake lure applications<\/strong>. 
Some of these apps are still available in <strong>Google Play and the AppStore<\/strong>, while others are being distributed through third-party sources.<\/p>\n\n\n\n<p>According to Kaspersky\u2019s research, SparkCat-infected apps have already been downloaded over <strong>242,000 times<\/strong> from Google Play alone.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Examples of Infected Apps:<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"578\" height=\"567\" src=\"https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/ComeCome.webp\" alt=\"\" class=\"wp-image-3185\" srcset=\"https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/ComeCome.webp 578w, https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/ComeCome-300x294.webp 300w\" sizes=\"(max-width: 578px) 100vw, 578px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Legitimate Apps<\/strong>: Some <strong>food delivery apps<\/strong> like \u201cComeCome\u201d were found to be infected.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"625\" height=\"541\" src=\"https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/lure-app.webp\" alt=\"\" class=\"wp-image-3187\" style=\"width:575px;height:auto\" srcset=\"https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/lure-app.webp 625w, https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/lure-app-300x260.webp 300w\" sizes=\"(max-width: 625px) 100vw, 625px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Fake Lure Apps<\/strong>: Some <strong>messaging apps and AI assistants<\/strong> were designed to trick users into installing them.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83c\udfaf <strong>Who Is Being 
Targeted?<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"740\" height=\"493\" src=\"https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/who-is-being-targeted.jpg\" alt=\"\" class=\"wp-image-3195\" style=\"width:451px;height:auto\" srcset=\"https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/who-is-being-targeted.jpg 740w, https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/who-is-being-targeted-300x200.jpg 300w\" sizes=\"(max-width: 740px) 100vw, 740px\" \/><\/figure>\n\n\n\n<p>SparkCat appears to be targeting users in <strong>the UAE, Europe, and Asia<\/strong>. Kaspersky researchers analyzed infected apps and found that the malware scans images for keywords in multiple languages, including:<\/p>\n\n\n\n<p>&#8211;&gt; <strong>English<\/strong>, <strong>Chinese<\/strong>, <strong>Japanese<\/strong>, <strong>Korean<\/strong>, <strong>French<\/strong>, <strong>Italian<\/strong>, <strong>Polish<\/strong>, <strong>Portuguese<\/strong>, <strong>Czech<\/strong><\/p>\n\n\n\n<p>While most victims appear to be in these regions, cybersecurity experts warn that <strong>anyone worldwide could be affected.<\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd0d <strong>How Does SparkCat Work?<\/strong><\/h2>\n\n\n\n<p>Once installed, SparkCat <strong>asks for permission to access your photo gallery<\/strong>. This may seem like a normal request, especially in apps like food delivery or messaging services. 
However, once granted access, SparkCat does the following:<\/p>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\"><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" decoding=\"async\" width=\"1020\" height=\"600\" src=\"https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/what-is-OCR.webp\" alt=\"\" class=\"wp-image-3202 size-full\" srcset=\"https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/what-is-OCR.webp 1020w, https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/what-is-OCR-300x176.webp 300w, https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/what-is-OCR-768x452.webp 768w\" sizes=\"(max-width: 1020px) 100vw, 1020px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p>1\ufe0f\u20e3 Scans your image gallery for stored text using OCR (Optical Character Recognition) technology.<br>2\ufe0f\u20e3 Identifies recovery phrases, passwords, or sensitive messages in images.<br>3\ufe0f\u20e3 Sends the stolen data to the hackers.<br>4\ufe0f\u20e3 Uses this information to access cryptocurrency wallets and steal funds.<\/p>\n<\/div><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p>\ud83d\udca1 <strong>Why is this Trojan dangerous?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>It operates <strong>silently<\/strong> in the background, making it difficult for users to detect.<\/li>\n\n\n\n<li>It spreads through <strong>official app stores<\/strong>, which most users trust.<\/li>\n\n\n\n<li>It <strong>bypasses traditional security checks<\/strong> by using advanced AI-powered image recognition.<\/li>\n\n\n\n<li>It asks for permissions <strong>at logical moments<\/strong>, such as when contacting customer support, making it harder to recognize as malware.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udee1\ufe0f <strong>Who Is Behind This Attack?<\/strong><\/h2>\n\n\n\n<p>Kaspersky experts analyzing the <strong>Android 
version of SparkCat<\/strong> found <strong>comments in the code written in Chinese<\/strong>. The iOS version contained <strong>developer home directory names<\/strong> like <strong>&#8220;qiongwu&#8221;<\/strong> and <strong>&#8220;quiwengjing&#8221;<\/strong>, suggesting the hackers may be fluent in Chinese. However, there is <strong>not enough evidence<\/strong> to link this campaign to a known cybercriminal group.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83e\udd16 <strong>The Rise of AI-Powered Cyber Attacks<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"740\" height=\"562\" src=\"https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/ai-powered-cyber-attacks.webp\" alt=\"\" class=\"wp-image-3205\" style=\"width:495px;height:auto\" srcset=\"https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/ai-powered-cyber-attacks.webp 740w, https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/ai-powered-cyber-attacks-300x228.webp 300w\" sizes=\"(max-width: 740px) 100vw, 740px\" \/><\/figure>\n\n\n\n<p>Cybercriminals are increasingly using <strong>machine learning and AI-based tools<\/strong> to enhance their attacks. In this case, SparkCat\u2019s Android version <strong>decrypts and executes an OCR plugin using Google\u2019s ML Kit library<\/strong> to analyze images. 
A similar technique is used in the iOS version.<\/p>\n\n\n\n<p>\ud83d\udca1 <strong>This means that hackers are evolving their methods, making cybersecurity more important than ever!<\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd12 <strong>How to Protect Yourself from SparkCat<\/strong><\/h2>\n\n\n\n<p>If you suspect you have downloaded an infected app, <strong>take action immediately!<\/strong> \ud83d\udea8<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"826\" height=\"413\" src=\"https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/sparkcat.jpg\" alt=\"\" class=\"wp-image-3211\" srcset=\"https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/sparkcat.jpg 826w, https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/sparkcat-300x150.jpg 300w, https:\/\/algodeltafx.com\/blog\/wp-content\/uploads\/2025\/02\/sparkcat-768x384.jpg 768w\" sizes=\"(max-width: 826px) 100vw, 826px\" \/><\/figure>\n\n\n\n<p>\u2705 Remove the infected app from your phone and do not reinstall it until a security update has been released.<br>\u2705 Avoid saving sensitive screenshots that contain passwords or recovery phrases.<br>\u2705 Be cautious of apps that request access to your gallery without a clear reason.<br>\u2705 Enable security software on your device to detect and remove potential threats.<br>\u2705 Only download apps from trusted developers and check user reviews before installing.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udcdd <strong>Final Thoughts<\/strong><\/h2>\n\n\n\n<p>With the rise of <strong>AI-driven malware like SparkCat<\/strong>, mobile security is more critical than ever. 
The fact that this Trojan successfully infiltrated <strong>both the AppStore and Google Play<\/strong> highlights how advanced cyber threats are becoming.<\/p>\n\n\n\n<p>Stay vigilant, be mindful of app permissions, and <strong>always use trusted security software<\/strong> to protect your digital assets. \ud83d\ude80\ud83d\udd10<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Have you encountered a suspicious app? Share your experience in the comments!<\/strong><\/h4>\n\n\n\n<p>source : <a href=\"https:\/\/www.kaspersky.co.in\/\" target=\"_blank\" rel=\"noopener\" title=\"kaspersky\">kaspersky<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity experts at Kaspersky have uncovered a new malware called SparkCat, a dangerous Trojan that steals cryptocurrency wallet recovery phrases and other sensitive data from users&#8217; smartphones. 
This malware has&hellip;<\/p>\n","protected":false},"author":1,"featured_media":3179,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,15],"tags":[],"class_list":["post-3176","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-crypto","category-information"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/algodeltafx.com\/blog\/wp-json\/wp\/v2\/posts\/3176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/algodeltafx.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/algodeltafx.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/algodeltafx.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/algodeltafx.com\/blog\/wp-json\/wp\/v2\/comments?post=3176"}],"version-history":[{"count":35,"href":"https:\/\/algodeltafx.com\/blog\/wp-json\/wp\/v2\/posts\/3176\/revisions"}],"predecessor-version":[{"id":3219,"href":"https:\/\/algodeltafx.com\/blog\/wp-json\/wp\/v2\/posts\/3176\/revisions\/3219"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/algodeltafx.com\/blog\/wp-json\/wp\/v2\/media\/3179"}],"wp:attachment":[{"href":"https:\/\/algodeltafx.com\/blog\/wp-json\/wp\/v2\/media?parent=3176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/algodeltafx.com\/blog\/wp-json\/wp\/v2\/categories?post=3176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/algodeltafx.com\/blog\/wp-json\/wp\/v2\/tags?post=3176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}