Global cybersecurity company Kaspersky Labs has revealed that malicious software development kits found in apps on both Google Play and Apple’s App Store are being used to steal cryptocurrency. The malware in app stores reportedly scans user photos for wallet recovery phrases, allowing hackers to access and empty crypto funds.
In a February 4 report, Kaspersky analysts Sergey Puzan and Dmitry Kalinin revealed that the malware, dubbed SparkCat, targets devices by using an optical character recognition (OCR) tool. Once the device is infected, the malware scans images for specific keywords in multiple languages, looking for sensitive data.
“The intruders steal recovery phrases for crypto wallets, which are enough to gain full control over the victim’s wallet for further theft of funds,” Puzan and Kalinin wrote. “It should be noted that the flexibility of the malware allows it to steal not only secret phrases but also other personal data from the gallery, such as the content of messages or passwords that could remain on screenshots.”
Kaspersky’s analysts advised users to refrain from storing sensitive information in screenshots or photo galleries. They recommended the use of a password manager instead for better security. The analysts also urged users to remove any suspicious or compromised apps from their devices.
The analysts further revealed that on Android devices, the malware operates through a Java component known as Spark, which is concealed as an analytics module. It also utilizes an encrypted configuration file hosted on GitLab to receive commands and updates for its operations.
Kaspersky reported that the malware in app stores primarily targeted Android and iOS users across Europe and Asia, with an estimated 242,000 downloads since its activation in March.
The firm’s findings reveal that the malware is embedded in numerous apps, both legitimate and fraudulent, across both Google Play and the Apple App Store. Despite being present in various apps, it shares common traits, including the use of the Rust programming language — uncommon in mobile applications — cross-platform functionality, and obfuscation techniques that hinder detection and analysis.
Additionally, the analysts noted that it remains uncertain whether the affected apps were compromised through a supply chain attack or if the developers deliberately integrated the Trojan into them.
The source of the malware in app stores remains unidentified, with no clear attribution to any specific group. However, it bears similarities to a campaign discovered by ESET researchers in March 2023.
