Beware! This crypto-stealing malware is targeting Android, iOS users
NewsBytes February 06, 2025 07:39 PM




A new malware, dubbed SparkCat, is putting the security of Android and iOS users at risk.

The malicious software development kit (SDK) has been spotted in many apps on Google Play and Apple App Store.

It is designed to find cryptocurrency wallet recovery phrases in images on the device using optical character recognition (OCR); whoever holds a recovery phrase can restore the wallet and move its funds.

The campaign has already affected thousands of users.


Unique operating mechanisms on different platforms
Malware operation


The malicious SDK, SparkCat, behaves differently on Android and iOS devices.

On Android, it uses a Java component called Spark that is presented as an analytics module.

This component fetches encrypted configuration files from GitLab with updates and commands for the malware.

On iOS, the framework goes by different names, such as Gzip, googleappsdk or stat, and talks to its command-and-control (C2) servers through a Rust-based networking module, imnetsys.


SparkCat's primary function and data extraction process
Objective


The primary goal of SparkCat is to scan pictures on a user's device for cryptocurrency wallet recovery phrases.

Users often keep these phrases as screenshots or photos, and anyone who obtains a phrase can restore the wallet and gain full access to it.

The malware uses Google ML Kit OCR to extract text from images and searches that text for specific keywords in several scripts, including Latin, Korean, Chinese, and Japanese.

Once an image appears to contain a recovery phrase, the matching image is uploaded to the attackers' servers.
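The detection step described above, as an added example (this is illustrative code, not SparkCat's and not from Kaspersky's report): a scanner that takes OCR output, looks for script-specific trigger keywords, and flags runs of words that have the shape of a BIP-39 recovery phrase (12 to 24 words drawn from the standard wordlist). The sample OCR strings are constructed and stand in for what Google ML Kit would return per image; the keyword translations and the wordlist excerpt are assumptions made for the example. The same logic, pointed at your own photo library, finds the screenshots you should move out of the gallery before malware like this does.

```python
import re

# Constructed excerpt of the BIP-39 English wordlist (first 40 entries). A real
# scanner loads all 2048 words; the subset is enough to run this example.
BIP39_SUBSET = frozenset("""
abandon ability able about above absent absorb abstract absurd abuse
access accident account accuse achieve acid acoustic acquire across act
action actor actress actual adapt add addict address adjust admit
adult advance advice aerobic affair afford afraid again age agent
""".split())

# BIP-39 mnemonics have 12, 15, 18, 21 or 24 words.
VALID_LENGTHS = {12, 15, 18, 21, 24}

# Trigger keywords grouped by script. These are assumed, illustrative
# translations of "seed phrase" / "recovery phrase", not SparkCat's real list.
KEYWORDS = {
    "latin": ("seed phrase", "recovery phrase", "mnemonic", "backup phrase"),
    "chinese": ("助记词", "恢复短语"),
    "japanese": ("シードフレーズ", "リカバリーフレーズ"),
    "korean": ("시드 구문", "복구 구문"),
}


def matched_keywords(text):
    """Return (script, keyword) pairs whose keyword occurs in the OCR text."""
    low = text.lower()
    return [(script, kw) for script, kws in KEYWORDS.items()
            for kw in kws if kw.lower() in low]


def mnemonic_candidates(text, wordlist=BIP39_SUBSET):
    """Find runs of consecutive wordlist words with a valid mnemonic length.

    Digits and punctuation are ignored, so numbered layouts such as
    "1. abandon 2. ability" still form one run.
    """
    tokens = re.findall(r"[a-z]+", text.lower())
    candidates, run = [], []
    for tok in tokens + [None]:          # None flushes the final run
        if tok is not None and tok in wordlist:
            run.append(tok)
            continue
        if len(run) in VALID_LENGTHS:
            candidates.append(run)
        run = []
    return candidates


def classify_ocr_text(text):
    """Verdict for one image's OCR output."""
    kws = matched_keywords(text)
    cands = mnemonic_candidates(text)
    if cands:
        verdict = "mnemonic"          # a phrase-shaped word run is present
    elif kws:
        verdict = "keyword-only"      # trigger word seen, no phrase extracted
    else:
        verdict = "clean"
    return {"verdict": verdict, "keywords": kws, "candidates": cands}


def scan_gallery(ocr_results):
    """Run the classifier over {image_name: ocr_text} and list non-clean hits."""
    hits = []
    for name, text in ocr_results.items():
        verdict = classify_ocr_text(text)["verdict"]
        if verdict != "clean":
            hits.append((name, verdict))
    return hits


# Constructed OCR output standing in for what ML Kit would return per image.
SAMPLE_OCR = {
    "IMG_0001.png": ("Recovery phrase (write it down!)\n"
                     "1. abandon 2. ability 3. able 4. about 5. above 6. absent\n"
                     "7. absorb 8. abstract 9. absurd 10. abuse 11. access 12. accident"),
    "IMG_0002.png": ("助记词\nabandon ability able about above absent "
                     "absorb abstract absurd abuse access accident"),
    "IMG_0003.jpg": "Today's special: avocado toast with coffee, add a cookie for 2 dollars",
    "IMG_0004.png": "복구 구문 은 어디에 있나요?",
}

if __name__ == "__main__":
    for name, verdict in scan_gallery(SAMPLE_OCR):
        print(f"{name}: {verdict}")
```

The wordlist membership plus a valid word count is what separates a seed phrase from ordinary text: a menu photo containing the word "add" is not flagged, while a numbered 12-word list is, with or without a trigger keyword. Keyword-only hits are kept as a lower-confidence tier because a chat message asking where the recovery phrase is says nothing about whether the image holds one. A production scanner would additionally verify the BIP-39 checksum on each candidate and tolerate the character substitutions OCR introduces.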


SparkCat's region-specific strategies and infected apps
Spread


Kaspersky's investigation also found that SparkCat is region-specific, using different keyword sets and targeting strategies for different regions, including Europe and Asia.

However, the researchers warn that the infected apps still run outside their intended regions, so a wider audience is at risk.

So far, 18 Android apps and 10 iOS apps have been flagged as infected. One example, the Android app ChatAi, had more than 50,000 downloads before it was pulled from the Google Play Store.


Expert advice on dealing with SparkCat-infected apps
Safety measures


If you suspect you have installed any of the infected apps, uninstall them immediately.

Experts also recommend installing a reliable mobile antivirus tool to scan your device for any residual traces of the malware.

In severe cases, a factory reset may be needed for complete removal.

Keep recovery phrases in a self-hosted or offline password manager with a vault feature rather than as a screenshot or photo in the gallery, which is exactly where this malware looks.
