.png){kind=logo}
Apple and Google removed 20 malicious apps from their respective app stores following the revelation of a data-stealing malware, known as SparkCat. It had been operational since March 2024 by masquerading as apparently harmless applications like food delivery services to target its victims.
SparkCat Malware uses OCR to steal crypto wallet data from food delivery apps on app stores with 242,000 downloads
Researchers discovered that SparkCat employed OCR to scan image galleries on infected devices. The malware looked for recovery phrases associated with cryptocurrency wallets, which gave the attackers access to the funds. It also extracted sensitive information from screenshots, including passwords and private messages.
Kaspersky's security team initially detected the malware in a food delivery application, which is in use in the United Arab Emirates and Indonesia. Further investigation shows that SparkCat had infected 19 other apps, with the total downloads in the Google Play Store standing at over 242,000. It was not Google's exclusive cyber threat since some of the affected apps were discovered on Apple's App Store too.
Within a day of receiving the report, Apple pulled down the compromised applications, and Google did the same. Google further stated that its Play Protect security feature protects Android users from known versions of the malware. The developers distributing these applications have been banned from Google Play.
Though the compromised applications are no longer on any official stores, security experts caution that this cat may continue to circulate third-party websites and other unofficial platforms for apps. All users are advised to be wary of downloading applications and to keep their devices up-to-date with the latest security protections.
This incident brings up the growing danger of mobile malware and the concern of security on the app store. As such, attackers who are using highly advanced techniques in extracting valuable information through OCR create a greater necessity for stronger cyber security measures now than ever.
