Kaspersky researchers have identified a malicious campaign named “SparkCat” that has infiltrated both the App Store and Google Play, marking the first time such a malware has been found on Apple’s platform (via Bleeping Computer).
The SparkCat campaign employs a nefarious software development kit (SDK) embedded within various Android and iOS applications. This SDK utilizes optical character recognition (OCR) technology to scan images stored on devices, specifically targeting cryptocurrency wallet recovery phrases.
By extracting these sensitive phrases, attackers can gain unauthorized access to victims’ crypto wallets, potentially leading to significant financial losses.
On the Android platform, the malicious SDK is disguised as an analytics module named “Spark.” Once activated, it downloads a configuration file from a GitLab repository, decrypts it, and proceeds to scan the device’s image gallery for text. The SDK employs Google’s ML Kit OCR library to recognize text in various languages. Images containing keywords related to cryptocurrency recovery phrases are then uploaded to the attackers’ command and control (C2) servers.
Similarly, on iOS devices, the malware operates under different framework names such as “Gzip,” “googleappsdk,” or “stat.” It also utilizes a Rust-based networking module called “im_net_sys” to communicate with C2 servers.
The iOS variant requests access to the user’s photo gallery, often under the guise of providing chat support within the app. Once permission is granted, it scans images for sensitive information using OCR and transmits any findings back to the attackers.
The campaign appears to have been active since March 2024, with the malicious SDK/framework embedded in various apps, some of which were available on official app stores. Among the compromised applications is “ComeCome,” a food delivery service app available in the UAE and Indonesia, which had over 10,000 downloads before its removal from Google Play.
In light of this discovery, users are strongly advised to review the permissions requested by their installed applications and to be cautious when granting access to sensitive data, such as photo galleries.
Additionally, storing cryptocurrency wallet recovery phrases in digital formats, especially within photo galleries, should be avoided. Neither Apple nor Google have so far provided official comments regarding the presence of these malicious apps on their platforms.
Want to see more of our stories on Google?
P.S. Want to keep this site truly independent? Support us by buying us a beer, treating us to a coffee, or shopping through Amazon here. Links in this post are affiliate links, so we earn a tiny commission at no charge to you. Thanks for supporting independent Canadian media!
DUNE NECTAR WEB EXPERT's exceptional professionalism salvaged my cryptocurrency investment after a devastating loss. My digital wallet inexplicably displayed a zero balance following an unsuccessful investment venture, leaving me financially distraught. After an exhaustive, fruitless search for assistance, I discovered DUNE NECTAR WEB EXPERT. Their specialized expertise in cryptocurrency recovery proved invaluable. Their unwavering persistence, patience, and professionalism throughout the process were remarkable. I deeply appreciated their fairness and consideration. Beyond recovering my lost cryptocurrency, they proactively identified and resolved other critical online security vulnerabilities affecting my data already released to some unscrupulous individuals. Their dedication exceeded expectations, resulting in a completely satisfactory outcome. I wholeheartedly endorse their services.
Securing a trustworthy cryptocurrency recovery service online can be daunting, particularly after experiencing financial loss. However, DUNE NECTAR WEB EXPERT stands apart as a dependable choice. As grateful clients, we enthusiastically recommend their services. For inquiries, Support@dunenectarwebexpert .com, Telegram
@dunenectarwebexpert . Thank you again, DUNE NECTAR WEB EXPERT!
It's very sad that people do that! It's even worse when you are the victim. I have been there as well, and, A P T R E C O U P, a non profit organization set up by people who have been victims came to my rescue.
I want to take a moment to share with you my incredibly positive experience with Digital Light Solution, a top-notch private investigator and certified expert in recovering stolen cryptocurrencies and assets. Their exceptional services were instrumental in helping me and my wife recover from a devastating cryptocurrency investment scam. We were initially convinced by an online crypto vendor who presented themselves as an expert in the field. They seemed knowledgeable and credible, and we ended up investing a significant amount of money – $200,000 USDT, to be exact. Unfortunately, it turned out to be a sophisticated scam, and we lost everything. The experience was not only financially draining but also emotionally taxing. Feeling helpless and overwhelmed, we decided to seek professional help. That’s when we discovered Digital Light Solution. From the very beginning, it was clear that we were dealing with true professionals who had the right skills and experience to help us recover our stolen funds. I wholeheartedly recommend Digital Light Solution to anyone who has fallen victim to a similar scam. Their team is dedicated, capable, and genuinely committed to helping individuals in dire circumstances. What struck me most was their exceptional expertise and dedication to their work. They worked tirelessly to help us recover our losses, and their services went beyond just recovery. If you’re in a similar situation, don’t hesitate to reach out to Digital Light Solution. They can be contacted through Web:https://digitallightsolution.com/, Email:di******************@************ce.com. Their services are a beacon of hope for those who have lost their investments to scammers. With Digital Light Solution, you can trust that you’re in good hands, and they will do everything in their power to help you recover your stolen funds. In my opinion, Digital Light Solution is a game-changer in the world of cryptocurrency recovery. Their expertise, combined with their commitment to helping others, makes them an invaluable resource for anyone who has been affected by a crypto scam.