Newly discovered malware hidden inside app development kits is targeting Android and iOS users by scanning stored images for crypto wallet recovery phrases, according to cybersecurity company Kaspersky Labs.
The malware, known as SparkCat, is embedded in software tools used to build apps for Google Play and the Apple App Store. Once installed, it searches for specific text in images, including wallet backup phrases, using optical character recognition (OCR).
“The intruders steal recovery phrases for crypto wallets, which are enough to gain full control over the victim’s wallet for further theft of funds,” wrote Kaspersky researchers Sergey Puzan and Dmitry Kalinin in a February 5 report.
SparkCat uses a Java-based component named Spark, which presents itself as an analytics tool. It receives commands and updates from an encrypted file hosted on GitLab.
The malware then uses Google ML Kit’s OCR feature to scan images on the device for key phrases linked to crypto wallets. Once a phrase is found, attackers can access the wallet without needing the owner’s password.
Kaspersky estimates that SparkCat has been downloaded about 242,000 times since it first appeared in March 2024. It has mainly affected users in Europe and Asia, spreading through real and fake applications on major app stores.
Puzan and Kalinin noted:
“Some apps, such as food delivery services, appear legitimate, while others are clearly built to lure victims — for example, we have seen several similar ‘messaging apps’ with AI features from the same developer.”