Kaspersky Labs has dropped a bombshell and shared that some software development kits, or SDKs for Android and iOS apps are harboring malware that’s on the hunt for your crypto wallet recovery phrases.
Scanning screenshots and photos
Kaspersky analysts Sergey Puzan and Dmitry Kalinin revealed this malware, dubbed SparkCat, gets cozy with your device and starts scanning your photos for those all-important recovery phrases, and with those phrases, thieves can easily drain your crypto wallet faster than you can say “blockchain.”
In their report, the duo explained that once this malware is in play, it doesn’t just stop at recovery phrases, it can also swipe other personal data from your gallery, think messages and passwords that might just be chilling in your screenshots.
Kaspersky suggests you ditch the habit of keeping sensitive info in your screenshots or photo albums. Instead, they recommend using a password manager to keep your secrets safe.
Undercover agent
On Android devices, the malware sneaks in disguised as a Java component named Spark, which sounds harmless, right?
It even has an encrypted configuration file stored on GitLab to keep its commands and updates under wraps, but once it’s in, it employs Google’s ML Kit OCR technology to extract text from images, specifically hunting for recovery phrases that allow hackers to access crypto wallets without needing a password.
Kaspersky estimates that since its activation around March, this malware has been downloaded approximately 242,000 times, and it primarily targets users in Europe and Asia. It has infiltrated dozens of apps, both legitimate and fake, across the app stores.
What’s more, it uses Rust language features that are rarely found in mobile apps, making it tricky to spot.
Behind the scenes
The bad news is that Kaspersky isn’t sure whether these infected apps were compromised through a supply chain attack or if developers intentionally included the Trojan.
Some of these apps look legit, like food delivery services, while others are clearly designed to trap unsuspecting victims with flashy AI features.
The origins of this malware remain unnown, but Kaspersky did find some Chinese comments buried in the code. This hints that the mastermind behind this digital menace might be fluent in Chinese.
