Researchers Flag Crypto-Stealing Malware in Google and Apple Apps
Kaspersky researchers have detailed a cross-platform malware campaign that targets cryptocurrency wallet recovery phrases through malicious mobile apps. According to a recent report, the “SparkCat” campaign uses a malicious software development kit (SDK) embedded in modified messaging apps and other applications to scan users’ image galleries for sensitive recovery data.

This technique was first observed in March 2023. At the time, cybersecurity researchers observed malware features within messaging apps scanning user galleries for crypto wallet recovery phrases—commonly known as mnemonics—to send to remote servers. The initial campaign only affected Android and Windows users through unofficial app sources, the researchers said.

This is not true for SparkCat, which was discovered in late 2024. This new campaign employs an SDK framework integrated into various apps available on official and unofficial app marketplaces for Android and iOS devices. In one instance, a food delivery app called “ComeCome” on Google Play was found to include the malicious SDK. The infected apps have been collectively installed more than 242,000 times, and similar malware was later identified in apps available on Apple’s App Store.

Stephen Ajayi, dApp audit technical lead at crypto cybersecurity firm Hacken, told Decrypt that preventative measures employed by app stores usually amount to automated checks and rarely include manual reviews.

Slava Demchuk, CEO of blockchain analytics firm AMLBot, further highlighted that the problem is compounded by code obfuscation and malicious updates that introduce malware after an app has already been approved. “In SparkCat’s case, attackers obfuscated the entry point to hide their actions from security researchers and law enforcement,” he told Decrypt. “This tactic helps them evade detection while keeping their methods secret from competitors.”

The malware uses Google’s ML Kit library to perform optical character recognition (OCR) on images stored on users’ devices. When users access a support chat feature within…
Filed under: News - @ February 6, 2025 7:27 pm