Cybersecurity experts from Kaspersky have discovered the SparkCat malware hidden in SDKs on Google Play and App Store. It steals crypto wallet recovery phrases using OCR technology, having infected more than 242,000 devices.
Discovery of SparkCat Malware in SDKs
The SparkCat malware was found in SDKs on both Google Play and the Apple App Store. These SDKs contain malicious code used by developers to generate revenue, enabling device infection. SparkCat uses OCR technology to search for crypto wallet recovery phrases in images stored on infected devices. It remains unclear whether this malware was intentionally embedded by developers or introduced through a supply chain attack.
Spread of SparkCat Malware
Around 242,000 devices have been infected by SparkCat malware, primarily targeting Android and iOS users in Europe and Asia. The malware scans images for crypto wallet recovery phrases to steal digital assets. This highlights the significant vulnerability of app distribution platforms.
Recommendations for Protection from SparkCat
Kaspersky advises developers to inspect their SDKs and users to avoid storing sensitive data in photo galleries, instead using secure password managers. Users are also advised to remove suspicious apps, lock down their wallets, and, if possible, shift to hardware wallets for added security.
The discovery of SparkCat malware underscores the importance of cybersecurity awareness and vigilance among users and developers, showcasing how vulnerabilities can be exploited to steal digital assets.
