Summary: A new malware campaign named SparkCat has been discovered that uses fraudulent apps on both Apple’s App Store and Google’s Play Store to steal cryptocurrency wallet recovery phrases. The malware runs an OCR model over images in the user’s photo library to extract the sensitive text and sends it to an external server. The campaign is notable for having successfully infiltrated Apple’s App Store, and it has targeted users mainly in Europe and Asia.
Affected: Apple App Store, Google Play Store, Cryptocurrency Wallet Users
Key points:
- SparkCat malware ships as a rogue SDK embedded in apps that pose as legitimate, and it steals the mnemonic (recovery) phrases associated with crypto wallets.
- The applications, disguised as AI, food delivery, and Web3 utilities, have been downloaded over 242,000 times from Google’s Play Store.
- Users in Europe and Asia are primarily targeted, with reports indicating potential involvement of a threat actor fluent in Chinese.
Source: https://thehackernews.com/2025/02/sparkcat-malware-uses-ocr-to-extract.html