A new malware strain, SparkCat, threatens the security of cryptocurrency owners by extracting recovery phrases from images.
Threats Associated with SparkCat
SparkCat is integrated into software development kits (SDKs) used to create applications in the Google Play Store and Apple App Store, and it can extract recovery phrases from images on user devices.
How SparkCat Works
The SparkCat malware uses optical character recognition (OCR) to analyze images on infected devices in search of recovery phrases. This allows attackers to gain full access to victims' wallets. SparkCat is disguised as an analysis module named Spark and uses an encrypted configuration file hosted on GitLab for commands and updates.
Protection Against SparkCat and Recommendations
To protect against this threat, it is recommended not to store sensitive information, such as recovery phrases, in the form of images. Also, suspicious applications should be removed, and devices should be kept up to date with the latest security updates.
Paying attention to data security when installing apps can help avoid the threat of SparkCat.