- Cybersecurity firm Kaspersky has identified malicious apps on both the App Store and Google Play containing the “SparkCat” malware
- The malware employs Optical Character Recognition (OCR) technology to extract sensitive information from users’ photos, particularly targeting cryptocurrency wallet credentials
- Infected applications have been downloaded over 242,000 times, prompting recommendations that users remove them immediately
Kaspersky has uncovered a significant security threat involving malicious applications on both Apple’s App Store and Google Play Store. These apps are embedded with the “SparkCat” malware, which utilizes OCR technology to scan users’ photos for sensitive data, especially cryptocurrency wallet recovery phrases. Collectively, these compromised apps have been downloaded more than 242,000 times, leading to urgent advisories for users to delete them promptly.
ComeCome Among Affected Apps
Among the compromised applications is “ComeCome,” a food delivery service operating in the UAE and Indonesia, which had garnered over 10,000 downloads before its removal. Other affected apps include AI chat applications like “WeTink” and “AnyGPT.”
These apps deceptively request access to users’ photo galleries under the guise of enhancing functionality. Once granted, the malware scans stored images for text, focusing on extracting cryptocurrency wallet recovery phrases and other confidential information.
Sophisticated Use of OCR Spells Trouble
The “SparkCat” malware is notable for its sophisticated use of OCR technology, leveraging Google’s ML Kit library to recognize text within images. Upon accessing the photo gallery, the malware searches for specific keywords related to cryptocurrency wallets. If such information is detected, it is transmitted to the attackers’ servers, potentially compromising users’ financial assets.
In light of this discovery, users are strongly advised to review their installed applications and immediately uninstall any identified as malicious. Additionally, it is prudent to avoid storing sensitive information, such as cryptocurrency wallet recovery phrases, in photo galleries. Utilizing dedicated password management tools can offer a more secure alternative. Employing robust security solutions across all devices is also recommended to detect and prevent such threats.