Malicious applications on Android and iOS scan screenshots to steal cryptocurrencies


Editor's take: Taking screenshots on modern mobile devices is incredibly easy. However, inexperienced users often overlook the potential security risks of saving images that contain sensitive data. This oversight can cause financial losses, because cybercriminals are always ready to exploit such lapses in operational security.

Kaspersky has discovered a new malware campaign designed to compromise users' cryptocurrency wallets and steal bitcoin and other cryptocurrencies. Nicknamed SparkCat, the malware uses the advanced optical character recognition (OCR) technology integrated into modern smartphone platforms to search for the recovery phrases used to access crypto wallets. It notably affects both the Android and iOS ecosystems.

SparkCat was found embedded in several Android and iOS applications, some of which were available in official app stores. The malware uses a malicious SDK that incorporates Google OCR technology, allowing it to scan users' photo galleries for screenshots and extract crypto wallet recovery codes from the images.

Infected applications discovered on Google Play had been downloaded more than 242,000 times. Meanwhile, some malicious applications targeting iOS remain available for download, including two AI chat tools (WeTink and AnyGPT) and a Chinese food delivery application (ComeCome).

Kaspersky believes the SparkCat campaign has probably been active since March 2024. The malicious applications used a previously unseen protocol written in Rust to communicate with the command-and-control servers operated by the cybercriminals behind the attack.

The origin of SparkCat remains unclear. Kaspersky did not determine whether the infection was part of a sophisticated supply-chain attack or the result of deliberate action by the applications' developers. The malware uses tactics previously observed by researchers in 2023, when ESET analysts discovered malicious "implants" in Android and Windows applications designed to scan images for crypto wallet access codes.

SparkCat highlights the risk of poor security practices on personal mobile devices. Storing screenshots in a phone's gallery is already a potential vulnerability, but for users who have invested in cryptocurrency, it can turn into a serious security threat.
