If you thought that simply owning an iPhone would be enough to protect you from malware, we have bad news for you. According to researchers at Kaspersky, numerous apps infected with a malicious software development kit (SDK) used to steal crypto wallets were recently unearthed on Google Play and, for the first time, Apple’s App Store.
Kaspersky says the malware campaign, dubbed “SparkCat,” uses optical character recognition (OCR) models that read text in images on the victim’s device, extract private information and send it to a command-and-control (C2) server. Specifically, the malware looks for recovery phrases that can be used to access crypto wallets.
The researchers first discovered SparkCat in ComeCome, a food delivery app available in the UAE and Indonesia. In all, Android apps infected with the malware had been downloaded over 242,000 times on Google Play, and some are still available.
“What makes this Trojan particularly dangerous,” the Kaspersky researchers note at the end of their report, “is that there’s no indication of a malicious implant hidden within the app.” Even the permissions the apps request “appear harmless at first glance.”
It’s a terrifying turn of events. “This is the first known case of an app infected with OCR spyware being found in Apple’s official app marketplace,” Kaspersky claims.
You can see the full list of infected apps at the end of Kaspersky’s blog post. If you have any of the listed apps on your device, be sure to delete them immediately. Even if you’re using Apple’s App Store, remember that you can never be too careful when downloading apps.