Crypto Malware Found in Google and Apple Apps Puts User Funds at Risk
Cybersecurity experts at Kaspersky Lab have identified maliciously modified mobile apps designed to steal sensitive information from crypto wallets.
These apps use optical character recognition (OCR) to scan images stored in a device’s gallery, extract confidential data, and transmit it to a remote server. The threat was initially discovered by ESET researchers in March 2023, but at the time, it only affected Android and Windows users who downloaded messaging apps from unofficial sources.
However, hackers have since enhanced their attack methods, launching a new campaign known as SparkCat, which now targets both iOS and Android users via official app stores. On Google Play, these malicious apps have already been downloaded over 242,000 times, and for the App Store, this marks the first recorded instance of a data-stealing app bypassing Apple’s security measures.
According to Stephen Ajayi, dApp audit technical lead at crypto cybersecurity firm Hacken, being listed in official app stores does not guarantee security, as automated review systems often fail to detect malicious code. Hackers are also employing increasingly sophisticated programming techniques, making their malware harder to identify.
“In SparkCat’s case, attackers obfuscated the entry point to hide their actions from security researchers and law enforcement. This tactic helps them evade detection while keeping their methods secret from competitors,” explained Slava Demchuk, CEO of blockchain analytics firm AMLBot.
Most malicious apps were disguised as AI-powered chat services, making them appear legitimate to unsuspecting users. Researchers believe the actual number of infected apps is likely much higher than currently reported. While Google Play and the App Store have removed most of these applications, some remain available for download.
Interestingly, the code of these malicious apps contains comments in Chinese, and server error messages also appear in Chinese. However, cybersecurity experts are hesitant to directly link these attacks to Chinese hacker groups at this stage. Moreover, these malicious programs don’t just target crypto wallet seed phrases—they also steal regular login credentials and passwords.
The risk could intensify if cybercriminals start selling pre-built attack scripts or integrating AI-driven automation to enhance real-time data extraction. To reduce the risk, users should carefully manage app permissions and avoid granting unnecessary access to files and images.
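A gallery-scanning stealer of the kind described here can only read photos if the app actually holds a media-read permission, so the practical check for an Android user or an analyst is to list which installed apps have been granted such access. The script below is an added illustration written for this article, not code from Kaspersky, ESET or the article's sources; it assumes `adb shell dumpsys package` output in the shape shown (the embedded sample is constructed and trimmed to the fields the audit needs) and flags every package that can read the photo library, noting whether it also holds INTERNET, which it would need to send anything to a remote server.

```python
import re
from typing import Dict, List, Set

# Permissions that grant read access to the photo library or external storage.
# A stealer that OCRs gallery images needs one of these to be granted.
IMAGE_READ_PERMISSIONS = {
    "android.permission.READ_MEDIA_IMAGES",       # Android 13+ scoped media access
    "android.permission.READ_EXTERNAL_STORAGE",   # Android 12 and earlier
    "android.permission.MANAGE_EXTERNAL_STORAGE", # "all files" access
}

# Constructed sample of `adb shell dumpsys package` output, reduced to the
# package header and permission-grant lines; real output has many more lines.
SAMPLE_DUMPSYS = """\
Package [com.example.aichat] (1a2b3c):
  requested permissions:
    android.permission.INTERNET
    android.permission.READ_MEDIA_IMAGES
  install permissions:
    android.permission.INTERNET: granted=true
  runtime permissions:
    android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
Package [com.example.calculator] (4d5e6f):
  requested permissions:
    android.permission.INTERNET
  install permissions:
    android.permission.INTERNET: granted=true
Package [com.example.photos] (7a8b9c):
  requested permissions:
    android.permission.READ_EXTERNAL_STORAGE
  runtime permissions:
    android.permission.READ_EXTERNAL_STORAGE: granted=false, flags=[ USER_SET ]
"""

PACKAGE_RE = re.compile(r"^Package \[([^\]]+)\]")
GRANT_RE = re.compile(r"^\s+([\w.]+): granted=(true|false)")


def parse_granted_permissions(dumpsys_text: str) -> Dict[str, Set[str]]:
    """Map each package name to the set of permissions actually granted to it.

    Only `<permission>: granted=true` lines count. Permissions that were merely
    requested, or requested and denied, are ignored: a denied grant cannot be
    abused, so listing it would only add noise to the review.
    """
    granted: Dict[str, Set[str]] = {}
    current = None
    for line in dumpsys_text.splitlines():
        pkg = PACKAGE_RE.match(line)
        if pkg:
            current = pkg.group(1)
            granted.setdefault(current, set())
            continue
        grant = GRANT_RE.match(line)
        if grant and current is not None and grant.group(2) == "true":
            granted[current].add(grant.group(1))
    return granted


def find_gallery_readers(dumpsys_text: str) -> List[Dict[str, object]]:
    """Return packages that can read the photo library, with a note on whether
    they also hold INTERNET (required to move anything off the device)."""
    findings = []
    for pkg, perms in sorted(parse_granted_permissions(dumpsys_text).items()):
        image_perms = perms & IMAGE_READ_PERMISSIONS
        if image_perms:
            findings.append({
                "package": pkg,
                "image_permissions": sorted(image_perms),
                "has_internet": "android.permission.INTERNET" in perms,
            })
    return findings


if __name__ == "__main__":
    # Review list: every package here can read your photos; decide per app
    # whether that access is justified and revoke it in Settings if not.
    for f in find_gallery_readers(SAMPLE_DUMPSYS):
        reach = "network-capable" if f["has_internet"] else "no network"
        print(f"{f['package']}: {', '.join(f['image_permissions'])} [{reach}]")
```

On a real device, capture the dump with `adb shell dumpsys package > packages.txt` and pass the file contents to `find_gallery_readers`. The output is a review list, not a verdict: a legitimate photo editor will appear on it, while a chat assistant or calculator that can read the whole gallery is exactly the kind of grant the article recommends withdrawing. Where the platform offers a limited or per-photo picker instead of full library access, that option is preferable to a blanket grant.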