Kaspersky Finds New Crypto-Stealing Trojan on App Store and Google Play

JAKARTA - The Kaspersky Threat Research expertise center has found a new stealer Trojan, SparkCat, which has been active on the App Store and Google Play since at least March 2024.

The malware spreads through infected official apps, including messengers, AI assistants, food delivery apps, crypto-related apps, and more.

Kaspersky telemetry data also shows that infected versions are distributed through unofficial sources. On Google Play, the infected apps have been downloaded more than 242,000 times.

The malware mainly targets users in the UAE, Europe and Asia. Experts reached this conclusion from information about the operating regions of the infected applications and from technical analysis of the malware. However, they believe victims may also be in other countries.

In one observed case, once installed, the malware asks for access to view photos in the user's gallery. It then analyzes the text in the saved images using an optical character recognition (OCR) module.

If the stealer detects relevant keywords, it sends the image to the attackers. The attackers' main goal is to find recovery phrases for cryptocurrency wallets. With this information, they can gain full control of the victim's wallet and steal funds.

In addition to stealing recovery phrases, the malware is capable of extracting other personal information from screenshots, such as messages and passwords.

"This is the first case of an OCR-based Trojan known to infiltrate the App Store. Some apps, such as food delivery services, seem legitimate, while others are clearly designed as bait," said Sergey Puzan, malware analyst at Kaspersky.

The SparkCat campaign has several unique features that make it dangerous. First, the malware is spread through official app stores. In addition, the permission it requests seems reasonable, making it easy to overlook.

"This permission is usually requested in a relevant context, such as when users contact customer support," added Dmitry Kalinin, malware analyst at Kaspersky.