Malware That Steals Images Found on Android and iPhone

In March 2023, security researchers at ESET discovered malware infecting smartphones running Android and Windows operating systems. This malware has the ability to secretly view images on devices and identify specific content within those images to gain unauthorized access to users’ cryptocurrency wallets.

Recently, Kaspersky researchers identified similar malware, named “SparkCat,” targeting both Android and iPhone users. The malicious applications masquerade as AI-integrated apps and have been distributed directly through official app stores.

Apps containing the SparkCat malware, disguised as AI integrations, were found in the App Store (Image: Kaspersky).

Kaspersky revealed that several apps on both Android’s Google Play and iOS’s App Store contained the SparkCat malware. Notably, this is the first time malware designed to steal information has been detected in the App Store for iOS.

These apps incorporate Optical Character Recognition (OCR) technology to covertly scan images on smartphones, searching for keywords related to cryptocurrency wallets. The data collected by the malware is then sent to an external server controlled by hackers, who can use it to illegally access users’ digital wallets and transfer funds without their knowledge.

In addition to targeting cryptocurrency information, the malware could potentially be used to gather other sensitive data from images stored on smartphones, such as screenshots of passwords or banking details.

One of the SparkCat-infected apps available on Google Play had over 50,000 downloads (Image: Kaspersky).

An analysis of the malware’s configuration files and timestamps indicates that SparkCat has been active since March 2024. Some of these apps have been downloaded more than 250,000 times on Google Play, highlighting the widespread distribution of malicious apps.

The malware targets users in Europe and Asia, including the UAE, Kazakhstan, China, Indonesia, and India.

“The malware is particularly dangerous because there are no clear signs of its presence within the apps, making detection difficult,” according to Kaspersky’s report.

“The initial permissions requested by the infected apps seem harmless, and the malware operates discreetly. This malware challenges the misconception that harmful apps and threats are exclusive to Android and not relevant to iOS,” the report added.

SparkCat shows how malware can get past app store review processes and reach users directly through official stores such as Google Play and the App Store, increasing the risk that users unknowingly install harmful apps on their devices.


Source link: https://dantri.com.vn/suc-manh-so/phat-hien-ma-doc-xem-trom-hinh-anh-tren-dien-thoai-android-va-iphone-20250206113020540.htm
