Summary: The video discusses a newly discovered malicious SDK named Spark that has been infecting applications on both iOS and Android, first identified in a food delivery app called ComeCome. The SDK retrieves JSON configuration files from GitLab that point it at command and control (C2) servers, then scans images on the device for specific keywords and uploads the matching images to those servers. The attackers appear to be financially motivated, targeting cryptocurrency wallet recovery phrases, and there is concern that other apps are infected as well.
Keypoints:
The Kaspersky team discovered a malicious SDK called Spark infecting apps on iOS and Android.
The first instance was found in ComeCome, a popular food delivery app in the UAE and Indonesia.
The malicious SDK retrieves JSON files from GitLab containing C2 server information.
The malware processes images on the device, filtering them by keyword before uploading matches to the C2 servers.
The attacks are financially motivated, specifically targeting cryptocurrency recovery phrases known as mnemonics.
Other infected apps include several AI applications, totaling approximately 242,000 downloads across both app stores.
Communications with the C2 server were primarily in Chinese, but the campaign was not attributed to any specific group.
The Kaspersky team did not confirm whether users of the infected food delivery app received their orders.
Youtube Video: https://www.youtube.com/watch?v=9p5anIsjtbg
Youtube Channel: Hak5
Video Published: Thu, 13 Feb 2025 13:00:14 +0000