A new version of the SparkCat malware has been discovered on the Apple App Store and Google Play Store, more than a year after the trojan was first identified targeting both mobile operating systems. The malware conceals itself within seemingly benign applications, such as enterprise messengers and food delivery services, while silently scanning victims' photo galleries for cryptocurrency wallet recovery phrases, according to a recent report by The Hacker News.The malware, identified by cybersecurity firm Kaspersky, has appeared in apps on both iOS and Android platforms, primarily targeting cryptocurrency users in Asia. The iOS variant scans for English mnemonic phrases, potentially giving it a broader reach. The Android version employs advanced obfuscation techniques, including code virtualization and cross-platform programming languages, and scans for Japanese, Korean, and Chinese keywords.SparkCat leverages optical character recognition (OCR) to exfiltrate images containing wallet recovery phrases from photo libraries to attacker-controlled servers when specific keywords are detected. Researchers believe the developers of the new variant are the same as the original, indicating an actively evolving threat.Source: The Hacker News
Threat Intelligence, Malware, Application security

SparkCat malware returns on app stores, targeting cryptocurrency users

(Credit: MysteryShot – stock.adobe.com)

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



