- SparkCat info stealer hidden in iOS App Store and Play Store apps
- Targets cryptocurrency seed phrases via OCR and keywords
- New obfuscation techniques make detection more difficult
SparkCat, a mobile-first infostealer that targets people’s cryptocurrencies, is back with new upgrades that make it harder to spot.
Cybersecurity researchers Kaspersky claim to have found several apps in both the Apple App Store and Google Play Store that deliver the malware.
Apple and Google app stores are generally safe, and knowing the size and popularity of the platforms, both companies go the extra mile to ensure that the apps offered there are clean. But every once in a while, threat actors manage to work around the perimeter to smuggle in malicious apps.
The article continues below
In search of mnemonics
In this case, Kaspersky said it discovered enterprise messengers and apps for food delivery services hiding SparkCat.
This infostealer was first discovered in 2025, looking for people’s mnemonic seeds or “seed phrases” – a set of 12 or 24 seemingly random words that can be used to load a person’s cryptocurrency wallet onto another device as a backup solution if the device is lost or broken.
SparkCat recently made headlines for the way it used OCR (Optical Character Recognition) to extract seed sentences from photos and screenshots. It primarily targeted Asian users, and while the new version still does the same, it has taken it a step further to potentially target Western users as well.
The Android version still hunts for Japanese, Korean and Chinese keywords. However, the iOS version hunts for English mnemonics.
Kaspersky also says that some changes were also made under the hood, with the developers adding code virtualization and cross-platform languages for better obfuscation. These techniques, they claim, are rarely seen in mobile malware.
The researchers said they reported their findings to both Google and Apple and that “some” of the malicious apps had already been removed.
Via Hacker News
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
