Cybersecurity firm Kaspersky has identified a novel malware campaign, dubbed “SparkCat,” that has infiltrated both Apple’s App Store and the Google Play Store.
This marks the first known instance of malicious screenshot-reading code penetrating Apple’s stringent app review process. SparkCat poses a significant threat to cryptocurrency users by employing advanced techniques to access and extract sensitive information from their devices.
How SparkCat Works
Once installed, SparkCat requests access to your photo gallery, often under the guise of enhancing app functionality, such as providing chat support. Upon gaining permission, it uses Optical Character Recognition (OCR) technology to scan your images for text, specifically targeting cryptocurrency wallet recovery phrases or passwords. If it identifies such information, the malware transmits it back to the attackers, granting them the keys to your digital assets.
Which Apps Are Affected?
Kaspersky identified several apps embedded with the SparkCat malware. Notably, AI chat applications like “WeTink” and “AnyGPT,” as well as a food delivery app named “ComeCome,” were found to be compromised.
Collectively, these apps have been downloaded over 242,000 times from the official app stores. While many of the infected apps have been removed from the Apple App Store and Google Play Store, some may still be accessible through third-party sources or sideloading.
This incident marks the first known case of malware using OCR technology to extract text from images making its way into Apple’s App Store. The sophistication of SparkCat, including its use of advanced programming languages like Rust and its ability to target both major mobile operating systems, underscores the evolving tactics of cybercriminals.
To safeguard your digital assets from threats like SparkCat:
- Be Cautious with App Permissions: Scrutinize permission requests from apps, especially those asking for access to your photo gallery or personal data.
- Download from Official Sources: Only install apps from trusted sources and be wary of third-party app stores or links.
- Keep Your Device Updated: Regularly update your device’s operating system and apps to benefit from the latest security patches.
- Use Security Software: Consider installing reputable security applications that can detect and prevent malware infections.
- Stay Informed: Keep abreast of the latest cybersecurity news and be aware of emerging threats and vulnerabilities.
To mitigate the risk of such infections, users are advised to be vigilant about app permissions, regularly update their devices and applications, and consider using reputable security software to detect and prevent malware intrusions.