SparkCat Malware Uncovered: Google and Apple Remove Malicious Apps

Security researchers at Kaspersky have identified a new malware named SparkCat that has been targeting Android and iOS devices since March 2024. Initially discovered in a food delivery app popular in the United Arab Emirates and Indonesia, the malicious framework was later found hidden within 19 other applications. These apps, cumulatively downloaded more than 242,000 times from Google’s Play Store, have since been removed. The developers responsible for these apps have been banned from Google's platform.

The SparkCat malware employed sophisticated techniques, including optical character recognition (OCR), to scan image galleries on victims' devices. By searching the recognized text for specific keywords, it aimed to extract recovery phrases for cryptocurrency wallets. The keyword search posed a significant threat across multiple languages, including English, Chinese, Japanese, and Korean. Distribution was not limited to official channels: the malware was also available from various websites and unofficial app stores.

Upon receiving the report from Kaspersky, Google acted swiftly to mitigate the threat. A Google spokesperson, Ed Fernandez, confirmed the removal of the apps, stating:

"All of the identified apps have been removed from Google Play, and the developers have been banned."

Android users were safeguarded from known versions of the malware by Google Play Protect. Meanwhile, Apple took similar measures last week by pulling the compromised apps from its App Store.

The discovery of SparkCat highlights the substantial risks associated with malicious software: the malware evaded detection and compromised data for nearly a year. Kaspersky’s findings underscore the importance of continuous vigilance by both app stores and users to prevent such incidents.
