
Apple and Google have yanked over 20 apps from their app stores after security experts uncovered a sneaky data-stealing operation that flew under the radar for nearly a year.
According to Kaspersky researchers, the malware—nicknamed SparkCat—has been lurking since March 2024. It first popped up in a food delivery app popular in the UAE and Indonesia. But the plot thickened when the team discovered the same malware hiding in 19 other unrelated apps, which collectively racked up over 242,000 downloads on Google Play alone.
Here’s how it worked: The malware used optical character recognition (OCR), a technology that “reads” text in images, to scan victims’ photo galleries for keywords. Its prime target? Cryptocurrency wallet recovery phrases, which it hunted in multiple languages like English, Chinese, Japanese, and Korean. Once attackers snagged these phrases, they could hijack entire crypto wallets and drain funds.
But that’s not all. The malware also snooped through screenshots, plucking sensitive details like passwords and private messages.
Apple booted the infected apps last week after Kaspersky’s report, with Google following suit. Google spokesperson Ed Fernandez told TechCrunch: “All identified apps have been removed, and the developers are banned.” He added that Android’s built-in Google Play Protect already shields users from known versions of this malware. Apple, however, stayed silent when pressed for comment.
Kaspersky’s Rosemarie Gonzales dropped another warning: Even though the apps are gone from official stores, telemetry data hints that SparkCat might still be floating around on sketchy third-party app stores and websites. So, maybe think twice before downloading anything off the beaten path.