New iPhone, Android Warning—Do Not Use Any Of These Apps

A cybersecurity firm has issued a warning for iPhone and Android users about apps in both Google’s Play Store and Apple’s App Store being infected with malicious code that can empty crypto wallets. The malware, identified by Kaspersky, uses optical character recognition (OCR) to scan image galleries for secret codes that could access or recover wallets. This threat, which has been active since March 2024, marks the first known case of such malware infiltrating the App Store. The infected apps, including the ComeCome food delivery app, have been downloaded over 242,000 times from Google Play. Users are advised to delete these apps and reinstall them only after updates are available.

The malware, named SparkCat, uses a rare protocol in the Rust language to interact with command-and-control servers and can load different OCR models based on system language. Kaspersky emphasizes the importance of not storing sensitive information, such as wallet recovery phrases, in image galleries. Instead, users should use secure applications for storing passwords and confidential data. The infected apps' package names and iOS bundle IDs are listed in Kaspersky's report, and users are urged to check if any are installed on their devices.

Key takeaways:

Malicious code in apps from Google Play Store and Apple App Store can empty crypto wallets by using OCR to scan image galleries for secret codes.
The malware, called SparkCat, has been active since March 2024 and is spreading internationally, affecting both Android and iOS applications.
Users are advised to delete infected apps and reinstall them once updated, and to avoid storing sensitive information like wallet recovery phrases in image galleries.
Kaspersky emphasizes the importance of using special applications to store passwords and confidential documents securely.

New iPhone, Android Warning—Do Not Use Any Of These Apps

Key takeaways:

Comments (0)

Newsletter