- Apps carrying malware that steals crypto have been found in the iOS App Store
- Some of these apps have thousands of installations across iOS and Android
- The ‘SparkCat’ campaign has been active since March 2024
Crypto-stealing malware called ‘SparkCat’ has been discovered in the iOS and Android app stores. It is delivered through a ‘malicious SDK/framework to steal recovery phrases for crypto wallets’.
A report from Kaspersky has identified malicious apps, some with up to 10,000 downloads, that scan the victim’s gallery for keywords; if relevant images are found, they are sent to a C2 server.
This is the first time a stealer has been found in the Apple App Store, and it matters because Apple reviews each submission to ‘help provide a secure and trusted experience for users’, so these malware-infected apps show that the review process is not as robust as it should be.
Although aimed at stealing cryptocurrency wallet recovery phrases, Kaspersky notes that the malware is ‘flexible enough’ to steal other sensitive data from victims’ galleries. Here is what we know.
More malicious apps
The ‘SparkCat’ malware campaign was only discovered at the end of 2024 and is suspected of having been active since March 2024.
The first app Kaspersky identified was a Chinese food delivery app, ComeCome. The app had over 10,000 downloads and was based in Indonesia and the UAE. It was embedded with malicious content and contained OCR spyware that selected images from infected devices to exfiltrate to the C2 server.
However, this was not the only infected app: researchers found that infected apps available on Google Play had been downloaded a total of over 242,000 times. In 2024, over 2 million risky Android apps were blocked from the Play Store, including some that tried to push malware and spyware, so even though Google is improving its protection, some clearly still get through.
In the App Store, some apps appeared ‘to be legitimate’, like the food delivery services, while others had apparently been built to ‘lure victims’. One example the researchers outlined is a series of similar AI-featured ‘messaging apps’ from the same developer, including AnyGPT and WeTink.
It is not clear whether these infections are deliberate actions by the developers or the result of a supply chain attack, but the report notes that “the permissions it requests may appear as if they are needed for its core functionality or appear harmless at first sight.
“What makes this Trojan particularly dangerous is that there is no indication of a malicious implant hidden in the app,” adds Kaspersky.
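The point Kaspersky makes above is that the requested permissions look reasonable on their own; what an app-vetting analyst actually wants to see is the combination (full photo-library read plus network access) and where in the app that capability lives. The following Python script is an added example, not code from Kaspersky or from the article, and the manifest it parses is a constructed sample for a hypothetical delivery app (package name `com.example.delivery` and the `com.thirdparty.imagekit.SyncService` component are made up). It flags the gallery-read-plus-internet combination and lists manifest components registered outside the app’s own package, which is where an embedded SDK would show up.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ATTR_NAME = "{%s}name" % ANDROID_NS

# Permissions that grant read access to the whole photo gallery
# (READ_MEDIA_IMAGES on Android 13+, READ_EXTERNAL_STORAGE before that).
GALLERY_READ = {
    "android.permission.READ_MEDIA_IMAGES",
    "android.permission.READ_EXTERNAL_STORAGE",
}
NETWORK = {"android.permission.INTERNET"}

# Constructed sample manifest for a hypothetical delivery app; not from any real app.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.delivery">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <application android:label="Example Delivery">
        <activity android:name=".MainActivity"/>
        <service android:name="com.thirdparty.imagekit.SyncService"/>
    </application>
</manifest>
"""

COMPONENT_TAGS = ("activity", "service", "receiver", "provider")


def declared_permissions(manifest_xml):
    """Return the set of permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ATTR_NAME) for el in root.iter("uses-permission") if el.get(ATTR_NAME)}


def foreign_components(manifest_xml):
    """Return component class names that live outside the app's own package.

    Relative names (".MainActivity") and names under the manifest's package belong
    to the app itself; anything else was almost certainly brought in by an SDK,
    which is the first place to look given that this campaign ships as an SDK.
    """
    root = ET.fromstring(manifest_xml)
    own_pkg = root.get("package", "")
    found = []
    for tag in COMPONENT_TAGS:
        for el in root.iter(tag):
            name = el.get(ATTR_NAME, "")
            if name and not name.startswith(".") and not name.startswith(own_pkg + "."):
                found.append(name)
    return sorted(found)


def gallery_exfil_capable(perms):
    """True when the app can both read every photo and talk to the network."""
    return bool(perms & GALLERY_READ) and bool(perms & NETWORK)


def triage(manifest_xml):
    """Summarise the permission combination and foreign components for review."""
    perms = declared_permissions(manifest_xml)
    findings = []
    if gallery_exfil_capable(perms):
        findings.append(
            "gallery read + INTERNET: the app can read every photo and upload it; "
            "check whether a full-library read is really needed, since the system "
            "photo picker needs no storage permission at all"
        )
    for comp in foreign_components(manifest_xml):
        findings.append("third-party component registered: %s (review the SDK it comes from)" % comp)
    return {
        "permissions": sorted(perms),
        "gallery_exfil_capable": gallery_exfil_capable(perms),
        "findings": findings,
    }


if __name__ == "__main__":
    for line in triage(SAMPLE_MANIFEST)["findings"]:
        print("-", line)
```

Run it against a decoded `AndroidManifest.xml` (for example, one produced by apktool) and treat the output as a prompt for review, not a verdict: a delivery app with a profile-photo feature can legitimately hold these permissions, which is exactly why the report says they look harmless at first sight.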
Avoiding malware
If you have one of the infected apps installed on your device, Kaspersky recommends removing it and steering clear until a fix is released; the list of infected apps can be found here.
Software such as antivirus can help protect your device, but since a key part of this malware is the exfiltration of sensitive data through screenshots, the best advice is to avoid saving passwords, confidential documents or other sensitive information in your gallery.
Instead, check out the best password managers to store your information securely; they are a much safer and more practical option than keeping your passwords in your photos. Make sure you do not reuse passwords across multiple sites, and change your passwords regularly to limit the damage of a breach.
There are some tricks for avoiding malware apps, and given that dangerous malware apps have been found installed millions of times, it is always best to be safe.
First of all, watch for the warning signs. Go through feedback and reviews, especially the negative ones, as it is likely that someone else has already flagged a problem. Be very suspicious of an app that asks for your existing social media credentials, as this may be criminals who want to hijack your account.