Kaspersky Uncovers Scam SparkCat Malware Targeting Crypto Wallets
Cybersecurity firm Kaspersky has identified SparkCat malware embedded in software development kits (SDKs) used for mobile applications on Google Play and Apple’s App Store.
Key Takeaways:
– SparkCat malware, embedded in SDKs on Google Play and Apple’s App Store, uses OCR to scan user images for cryptocurrency wallet recovery phrases.
– The malware has infected apps like ComeCome, WeTink, and AnyGPT, allowing attackers to steal crypto assets and other sensitive data from screenshots.
SparkCat malware exploits optical character recognition (OCR) technology to scan user images for cryptocurrency wallet recovery phrases, putting digital assets at risk.
Kaspersky researchers Sergey Puzan and Dmitry Kalinin detailed their findings in a February 4 report, revealing that SparkCat-infected apps have passed Apple’s security checks, marking a significant security breach. Notable compromised apps include ComeCome, WeTink, and AnyGPT.
Once installed, SparkCat malware searches images on a device for specific keywords in multiple languages, extracting recovery phrases that provide full control over victims’ crypto wallets. The malware’s adaptability also allows it to capture additional sensitive information, such as messages and passwords from screenshots.
On Android, SparkCat malware operates through a Java-based component disguised as an analytics module. It utilizes an encrypted configuration file stored on GitLab to receive operational commands.
A trust-based networking module further employs Google ML Kit OCR to extract text from images, enabling attackers to access cryptocurrency wallets remotely. Kaspersky estimates that SparkCat malware has been active since March 2024, initially targeting Android users before spreading to iOS.
The malware has reportedly been downloaded approximately 242,000 times, primarily affecting users in Europe and Asia. Some infected applications remain available on the App Store, though it remains unclear whether developers intentionally included the malware or if their systems were compromised.
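For teams vetting Android apps, the behaviour combination described above (photo-library access, bundled ML Kit text recognition, and configuration pulled from a code-hosting site) can be turned into a triage rule. This is an added example, not code from Kaspersky's report or from this article; the record format, the category list and the `gitlab.com` host check are assumptions, and the inventory is constructed.

```python
from dataclasses import dataclass

# Real Android permissions that grant access to the photo library.
IMAGE_PERMS = {"android.permission.READ_EXTERNAL_STORAGE",
               "android.permission.READ_MEDIA_IMAGES"}
OCR_PREFIX = "com.google.mlkit.vision.text"   # Google ML Kit text recognition classes
CONFIG_HOSTS = ("gitlab.com",)                # assumption: host checked for remote config
OCR_EXPECTED = {"scanner", "translator"}      # assumption: categories that declare OCR
LEVELS = ("pass", "review", "escalate")

@dataclass
class AppRecord:                              # hypothetical inventory record
    package: str
    category: str
    permissions: set
    class_prefixes: list                      # package prefixes seen in the APK's dex
    hosts: list                               # hostnames seen in strings or traffic

def host_matches(host, suffixes=CONFIG_HOSTS):
    """Exact or subdomain match only, so look-alike names do not count."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def triage(app):
    """Return (verdict, reasons) for one app record."""
    reads_images = bool(app.permissions & IMAGE_PERMS)
    has_ocr = any(p == OCR_PREFIX or p.startswith(OCR_PREFIX + ".")
                  for p in app.class_prefixes)
    pulls_config = any(host_matches(h) for h in app.hosts)
    reasons = [text for hit, text in (
        (reads_images, "requests photo library access"),
        (has_ocr, "bundles ML Kit text recognition"),
        (pulls_config, "contacts a code-hosting site at runtime")) if hit]
    score = 2 if (reads_images and has_ocr and pulls_config) else \
            1 if (reads_images and has_ocr) else 0
    if app.category in OCR_EXPECTED:          # OCR is a declared feature: lower one level
        score = max(0, score - 1)
    return LEVELS[score], reasons

# Constructed inventory, not real apps.
INVENTORY = [
    AppRecord("com.example.fooddelivery", "food", {"android.permission.READ_MEDIA_IMAGES"},
              ["com.google.mlkit.vision.text.latin"], ["api.example.com", "gitlab.com"]),
    AppRecord("com.example.chat", "messaging", {"android.permission.READ_EXTERNAL_STORAGE"},
              ["com.google.mlkit.vision.text"], ["gitlab.com.cdn.example.net"]),
    AppRecord("com.example.docscan", "scanner", {"android.permission.READ_MEDIA_IMAGES"},
              ["com.google.mlkit.vision.text"], ["cdn.example.com"]),
]
```

A verdict of `escalate` or `review` is a prompt for manual analysis of the app, not a detection of SparkCat itself.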