Apple and Google Remove 20 Apps Containing Data-Stealing Malware SparkCat

Apple and Google have removed 20 apps from their respective app stores after security researchers discovered that the apps were carrying a data-stealing malware called SparkCat. The malware had been active since March 2024 and was initially identified in a food delivery app used in the UAE and Indonesia. The malicious framework was later found in 19 additional apps, which were downloaded over 242,000 times from the Google Play Store.

The malware uses optical character recognition (OCR) to scan device image galleries for keywords, specifically targeting cryptocurrency wallet recovery phrases in various languages, including English, Chinese, Japanese, and Korean. This could give attackers full access to victims’ wallets, enabling them to steal funds. Additionally, the malware could extract personal information, such as passwords and messages, from screenshots.

After Kaspersky reported the findings, both Apple and Google acted swiftly to remove the compromised apps from their stores. Google confirmed that the apps had been taken down and that developers responsible for them had been banned. They also reassured users that the Google Play Protect feature had provided protection against the malware on Android devices.

Despite the apps being removed from the official stores, Kaspersky’s telemetry data suggested that the malware could still be found on other websites and unofficial app stores. Apple did not provide further comment on the issue.

Source: Techcrunch