- Apps that deliver malware designed to steal cryptocurrency found in the iOS App Store
- Some of these apps have thousands of installs on iOS and Android.
- The ‘SparkCat’ campaign has been active since March 2024
Crypto-stealing malware called ‘SparkCat’ has been discovered in the iOS and Android app stores, embedded in a malicious SDK/framework that steals recovery phrases for cryptocurrency wallets.
A Kaspersky report identified malicious apps, some with more than 10,000 downloads, that scan victims’ photo galleries for keywords; if relevant images are found, they are sent to a C2 server.
This is the first time a stealer has been found in the Apple App Store, which is significant because Apple reviews each submission to ‘help provide a safe and trusted experience for users’, so these malware-infected apps show that the review process is not as robust as it should be.
Although it aims to steal recovery phrases for cryptocurrency wallets, Kaspersky notes that the malware is “flexible enough” to steal other sensitive data from victims’ galleries. Here is what we know.
Multiple malicious applications
The ‘SparkCat’ malware campaign was first discovered at the end of 2024, and it is suspected to have been active since March 2024.
The first app Kaspersky identified was a Chinese food delivery app. The app had more than 10,000 downloads and was based in Indonesia and the UAE. It was embedded with malicious code and contained OCR spyware that selected images from infected devices to exfiltrate to the C2 server.
However, this was not the only infected app: the researchers found that the infected apps available on Google Play had been downloaded a combined total of more than 242,000 times. In 2024, more than 2 million risky Android apps were blocked from the Play Store, including some that tried to push malware and spyware, so although Google is improving its protections, some still get through.
In the App Store, some apps “appeared to be legitimate”, such as food delivery services, while others had apparently been built to “lure victims.” One example the researchers described is a series of similar messaging apps by the same developer, including AnyGPT and WeTink.
It is not clear whether these infections are deliberate actions by the developers or the result of supply chain attacks, but the report notes that the “permissions they request may seem necessary for their core functionality or seem harmless at first glance.”
“What makes this Trojan particularly dangerous is that there are no indications of a malicious implant hidden within the application,” Kaspersky adds.
Mitigating malware
If you have one of the infected apps installed on your device, Kaspersky naturally recommends deleting it and refraining from using it until a fix is released; the list of infected apps can be found here.
There is software that can help protect your device, such as antivirus software, but since a key part of this particular malware is the exfiltration of sensitive data via screenshots, the best advice is to avoid storing passwords, confidential documents or other sensitive information in your gallery.
Instead, look at the best password managers to store your information safely, since they offer a much safer and more convenient option than keeping your passwords in your photos. Be sure not to reuse passwords across multiple sites, and change your passwords regularly to avoid a breach.
There are some tips for avoiding malicious apps, and given that dangerous malware apps have been found to have been installed millions of times, it is always better to be safe.
First, watch for warning signs. Check comments and reviews, especially negative ones, since someone else may have already flagged a problem. Be very suspicious of an app that requests your existing social media credentials, since this could be criminals looking to hijack your account.