Kaspersky's Threat Research group has identified a new SparkCat variant in apps available on the App Store and Google Play, a year after the discovery of a previous version that stole cryptocurrency from users.
The malicious program hides in seemingly legitimate apps and scans photos stored in the gallery for digital wallet recovery phrases. Given this landscape, experts emphasize the importance of taking protective measures to avoid disclosure of sensitive data.
The new SparkCat variant on the App Store and Google Play
The new version of SparkCat is distributed via seemingly legitimate apps, including messaging apps designed for business communication and a food delivery app. Kaspersky specialists found two infected applications in the App Store and one in Google Play, the malicious code of which has already been removed.
Kaspersky’s telemetry data also shows that these infected programs are spreading in other ways, including web pages that mimic the App Store interface when accessed from an iPhone.
The updated variant of the Android malware scans the image galleries of jailbroken devices for screenshots containing certain keywords in Japanese, Korean and Chinese, indicating that the campaign is primarily targeting Asian users and their cryptocurrency assets. For its part, the iOS version takes a different approach, looking for cryptocurrency wallet recovery codes in English, potentially expanding its reach to users in different regions.
In practice, the updated version of SparkCat for Android includes several additional layers to make code identification more complex, including techniques such as virtualization and the use of cross-platform programming languages, which are still rare in malware targeting mobile devices.
Kaspersky notified Google and Apple about the detected malware.
“In some cases, the updated variant requests access to the device’s photo gallery, just like the previous version, and uses an optical character recognition (OCR) module to analyze the text present in the images. If it identifies relevant keywords, the content is sent to cybercriminals,” says Fabio Assolini, Lead Security Researcher, Global Research and Analysis Group, Latin America, Kaspersky.
“SparkCat is an evolving threat, and attackers are constantly improving their techniques to evade verification mechanisms in official stores. The use of code virtualization and cross-platform languages demonstrates a high level of sophistication that is still rare in mobile malware. The similarity between the versions also suggests that they are likely the same developers behind the threat, reinforcing the importance of using security solutions to protect mobile devices.” – adds the specialist.
Guidelines for protecting against mobile malware
To reduce the risk of infection, Kaspersky recommends:
- Use a robust cybersecurity solution, such as Kaspersky for mobile. On Android, this tool prevents the installation of malware, and on iOS, it blocks attempts to connect to malicious servers and warns the user.
- Avoid storing screenshots with sensitive information in the gallery, for example key phrases for cryptocurrency wallets. This data should be stored in specialized programs such as Kaspersky Password Manager.
- Be careful when downloading apps, even in official stores, because they are not completely safe.

