SparkCat malware returns on app stores, targeting cryptocurrency users

A new version of the SparkCat malware has been discovered on the Apple App Store and Google Play Store, more than a year after the trojan was first identified targeting both mobile operating systems. The malware conceals itself within seemingly benign applications, such as enterprise messengers and food delivery services, while silently scanning victims’ photo galleries for cryptocurrency wallet recovery phrases, according to a recent report by The Hacker News.

The malware, identified by cybersecurity firm Kaspersky, has appeared in apps on both iOS and Android platforms, primarily targeting cryptocurrency users in Asia. The iOS variant scans for English mnemonic phrases, potentially giving it a broader reach. The Android version employs advanced obfuscation techniques, including code virtualization and cross-platform programming languages, and scans for Japanese, Korean, and Chinese keywords.

SparkCat leverages optical character recognition (OCR) to exfiltrate images containing wallet recovery phrases from photo libraries to attacker-controlled servers when specific keywords are detected. Researchers believe the developers of the new variant are the same as the original, indicating an actively evolving threat.

Source: The Hacker News
