A new cybersecurity threat has been discovered where an updated version of SparkCat malware is targeting both Android and iOS users. Researchers found this malware hidden inside normal-looking mobile apps available on official platforms. These apps appear safe and function normally, which makes them difficult to detect. The main goal of this malware is to steal cryptocurrency wallet recovery phrases. These phrases are extremely sensitive and can give full access to a user’s funds.

The malware operates silently in the background without showing any clear signs of activity. It is usually found inside apps like messaging tools or utility applications that people commonly use. Once installed, the app behaves just like a normal app, so users notice nothing suspicious. This makes it easier for the malware to stay active for a long time. The attackers take advantage of this trust to continue their activity without interruption.
The most important method used in this attack is scanning images stored in the phone’s gallery. The app asks for permission to access photos, which many users allow without thinking much. After getting access, the malware uses OCR (Optical Character Recognition) to read text from images. It specifically looks for cryptocurrency wallet recovery phrases saved as screenshots. If such data is found, the images are sent to servers controlled by the attackers.
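The screenshot-scanning behaviour described above can be turned around for defence: a gallery self-audit or DLP routine can run OCR over the user's own images and flag any text that resembles a wallet recovery phrase, so the screenshot can be moved to secure storage before anything else gets to it. The following is an added example, not code from the page or from the researchers; it assumes the full BIP39 English wordlist is supplied in deployment (only a constructed subset is embedded here) and that OCR output is fed in as plain text.

```python
import re

# Constructed subset of the BIP39 English wordlist, for this offline demo only.
# In real use, load the full 2048-word english.txt from the BIP39 reference
# repository into this set (an assumption about deployment, not from the page).
DEMO_WORDLIST = {
    "abandon", "ability", "able", "about", "above", "absent", "absorb",
    "abstract", "absurd", "abuse", "access", "accident", "account", "accuse",
    "achieve", "acid", "acoustic", "acquire", "across", "act", "action",
    "actor", "actress", "actual", "adapt", "add", "addict", "address",
}

# Valid BIP39 mnemonic lengths.
MNEMONIC_LENGTHS = (12, 15, 18, 21, 24)


def find_mnemonic_candidates(text, wordlist=DEMO_WORDLIST):
    """Return runs of OCR'd text that look like a BIP39 recovery phrase.

    A candidate is a contiguous run of at least 12 alphabetic tokens that
    are all wordlist words; the longest valid mnemonic length that fits the
    run is reported. OCR output is noisy, so tokens are lowercased and the
    "1." / "1)" numbering seen on seed-phrase screenshots is stripped.
    This is a heuristic: it does not verify the BIP39 checksum.
    """
    tokens = [t.lower() for t in re.findall(r"[A-Za-z]+", text)]
    hits = []
    i = 0
    while i < len(tokens):
        j = i
        while j < len(tokens) and tokens[j] in wordlist:
            j += 1
        run = j - i
        if run >= 12:
            n = max(length for length in MNEMONIC_LENGTHS if length <= run)
            hits.append(" ".join(tokens[i:i + n]))
            i = j
        else:
            i = j + 1  # skip the token that broke the run
    return hits


# Constructed OCR output of a numbered seed-phrase screenshot.
OCR_SAMPLE = ("1. abandon 2. ability 3. able 4. about 5. above 6. absent "
              "7. absorb 8. abstract 9. absurd 10. abuse 11. access 12. accident")

if __name__ == "__main__":
    for phrase in find_mnemonic_candidates(OCR_SAMPLE):
        print("possible recovery phrase found:", phrase)
```

Ordinary prose rarely produces twelve consecutive wordlist words, so false positives are low, but anything flagged should be checked by the user rather than deleted automatically.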
There is a slight difference between how the malware behaves on Android and iOS devices. The Android version mainly looks for keywords in languages like Japanese, Korean, and Chinese. This suggests that it may be focusing more on users in Asian regions. On the other hand, the iOS version scans for recovery phrases written in English. Because of this, the iOS variant has the potential to target users worldwide.
The updated version of SparkCat is more advanced compared to earlier versions. It uses strong obfuscation techniques to hide its actual behavior. Researchers have noticed the use of code virtualization and complex cross-platform development methods. These techniques are not commonly seen in normal mobile malware. Because of this, it becomes much harder for security tools to detect and analyze it.
SparkCat itself is not completely new, as it was identified in earlier campaigns. However, this new version shows that the malware is still active and evolving. The attackers have improved their methods and made the malware more capable. Researchers believe that the same group may be behind both the old and new variants. This indicates that the threat is ongoing and may continue to develop further.
Another important point is that these infected apps were able to enter official app stores. Even though the Apple App Store and Google Play have strict review processes, some malicious apps still managed to get published. Many of these apps were later removed after being identified. This shows that even trusted platforms are not completely risk-free.
Overall, this incident highlights a serious risk for cryptocurrency users. Many people store their wallet recovery phrases as screenshots for convenience. This habit makes them easy targets for such malware attacks. Once attackers get access to these phrases, they can fully control and drain the wallet. It clearly shows how small habits can lead to major losses and why user awareness is important.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news