Global cybersecurity company Kaspersky Labs has revealed that malicious software development kits found in apps on both Google Play and Apple’s App Store are being used to steal cryptocurrency. The malware in app stores reportedly scans user photos for wallet recovery phrases, allowing hackers to access and empty crypto funds.
In a February 4 report, Kaspersky analysts Sergey Puzan and Dmitry Kalinin revealed that the malware, dubbed SparkCat, targets devices by using an optical character recognition (OCR) tool. Once the device is infected, the malware scans images for specific keywords in multiple languages, looking for sensitive data.
“The intruders steal recovery phrases for crypto wallets, which are enough to gain full control over the victim’s wallet for further theft of funds,” Puzan and Kalinin wrote. “It should be noted that the flexibility of the malware allows it to steal not only secret phrases but also other personal data from the gallery, such as the content of messages or passwords that could remain on screenshots.”
Kaspersky’s analysts advised users to refrain from storing sensitive information in screenshots or photo galleries. They recommended the use of a password manager instead for better security. The analysts also urged users to remove any suspicious or compromised apps from their devices.
The analysts further revealed that on Android devices, the malware operates through a Java component known as Spark, which is concealed as an analytics module. It also utilizes an encrypted configuration file hosted on GitLab to receive commands and updates for its operations.
Kaspersky reported that the malware in app stores primarily targeted Android and iOS users across Europe and Asia, with an estimated 242,000 downloads since its activation in March.
The firm’s findings reveal that the malware is embedded in numerous apps, both legitimate and fraudulent, across both Google Play and the Apple App Store. Across these varied apps, the implant shares common traits: the use of the Rust programming language — uncommon in mobile applications — cross-platform functionality, and obfuscation techniques that hinder detection and analysis.
Additionally, the analysts noted that it remains uncertain whether the affected apps were compromised through a supply chain attack or if the developers deliberately integrated the Trojan into them.
The source of the malware in app stores remains unidentified, with no clear attribution to any specific group. However, it bears similarities to a campaign discovered by ESET researchers in March 2023.
Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.