In today's digital world, computer security is a priority for all users. However, new threats are constantly emerging and, on this occasion, a piece of malware has been identified that is causing havoc on mobile devices. Its name is SparkCat, and it has managed to infiltrate applications present in the official Google Play and App Store stores, making it a latent danger for millions of users.
This malware was detected by the cybersecurity company Kaspersky and has attracted attention due to its sophisticated information theft mechanism. Its main objective is to obtain access to users' cryptocurrency wallets through the use of Optical Character Recognition (OCR) technology. Below, we tell you in detail how it works, how it has spread and what steps you can take to protect yourself.
What is SparkCat and how does it work?
SparkCat is a type of malware known as a cryptostealer trojan, designed to steal cryptocurrency. Its particularity lies in its ability to analyze images stored on devices through the use of Artificial Intelligence and optical character recognition (OCR). With this technique, it scans screenshots looking for digital wallet recovery phrases, private keys and other sensitive data.
The infection process begins when a user downloads a seemingly harmless application from the Google Play Store or the App Store. Once installed, the app asks for access to the image gallery, a request that many users accept without suspecting anything amiss. When the user grants this access, the malware begins to analyze stored images in search of valuable information, which it subsequently sends to the attackers.

Applications infected with SparkCat
Kaspersky's research found that SparkCat has infected several applications from different categories, including AI assistants, messaging apps, and food delivery apps. Some of these apps were downloaded more than 242,000 times before being removed from official stores.
In the case of iOS, applications such as WeTink, AnyGPT, ChatAI and Come Come have been identified, the latter also with a malicious version for Android. Researchers have also discovered a long list of bundle IDs where the presence of malware has been detected, suggesting that the spread is greater than initially thought.
How does SparkCat affect users?
The goal of SparkCat is to gain control of the cryptocurrency wallets of the victims. By stealing the recovery phrases, attackers can access stored funds and transfer them to their own accounts with no possibility of recovery for those affected.
In addition to stealing cryptocurrencies, this malware can also leak personal information contained in screenshots, such as banking data, login credentials and private messages. This represents a significant risk to user privacy and security.
Apple and Google's response
Following the publication of the Kaspersky report, both Apple and Google have taken steps to mitigate the threat. Both companies have removed up to 20 infected apps from their respective stores and have suspended the developers responsible to prevent them from re-posting malicious content.
Google has noted that Android users have the protection of Google Play Protect, a security feature built into devices that can detect and block malicious apps. However, it has been confirmed that SparkCat is also available on unofficial sources, which means it still poses a risk to those who install apps outside of official stores.
How to protect yourself from SparkCat and other similar malware

Even though official stores have removed the infected apps, it is essential for users to take security measures to protect themselves from such threats. Some recommendations include:
- Avoid installing applications from unofficial sources: Downloading apps only from the Google Play Store and App Store significantly reduces the risk of infection.
- Review the permissions requested by the applications: If a messaging or AI app asks for access to your photo gallery for no apparent reason, it's best not to grant it.
- Use two-step authentication: For cryptocurrency wallets and other sensitive accounts, enabling this security measure adds an extra layer of protection.
- Delete screenshots with sensitive information: Do not store recovery phrases or private keys in the photo gallery, as they can be detected by malware such as SparkCat.
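To make the permission review above concrete on Android, the following Python script is an added example (not from the original article or from Kaspersky's report) that reads the text printed by `adb shell dumpsys package` and lists the apps currently holding a permission that lets them read gallery images. The package names in the sample are constructed, and the `expected` allowlist of apps that legitimately need photo access is a hypothetical parameter of this example.

```python
import re

# Runtime permissions that let an app read images from shared storage.
GALLERY_PERMISSIONS = {
    "android.permission.READ_EXTERNAL_STORAGE",            # Android 12 and earlier
    "android.permission.READ_MEDIA_IMAGES",                # Android 13+
    "android.permission.READ_MEDIA_VISUAL_USER_SELECTED",  # Android 14+, selected photos only
}
PACKAGE_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
GRANT_RE = re.compile(r"^\s*(android\.permission\.[A-Z0-9_]+): granted=(true|false)")

# Constructed sample in the layout printed by `adb shell dumpsys package`;
# the package names are invented for this example.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.chatassistant] (1a2b3c):
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
  Package [com.example.fooddelivery] (4d5e6f):
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.READ_MEDIA_IMAGES: granted=false, flags=[ USER_SET ]
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
  Package [com.example.gallery] (7a8b9c):
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ USER_SET ]
"""


def apps_with_gallery_access(dumpsys_text, expected=()):
    """Map each package outside `expected` to its granted gallery permissions."""
    findings = {}
    current = None
    for line in dumpsys_text.splitlines():
        pkg = PACKAGE_RE.match(line)
        if pkg:
            current = pkg.group(1)
            continue
        grant = GRANT_RE.match(line)
        if grant and current and current not in expected:
            perm, granted = grant.groups()
            if granted == "true" and perm in GALLERY_PERMISSIONS:
                findings.setdefault(current, set()).add(perm)
    return {name: sorted(perms) for name, perms in findings.items()}


if __name__ == "__main__":
    # `expected` is a hypothetical allowlist of apps that legitimately need photos.
    for name, perms in apps_with_gallery_access(SAMPLE_DUMPSYS, {"com.example.gallery"}).items():
        print(name, ", ".join(perms))
```

Any app the script reports whose function does not call for photo access, such as a chat assistant or a delivery app, is a candidate for having the permission revoked in the system settings.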
Who is behind SparkCat?
So far, the perpetrators of this malware have not been identified with certainty. However, cybersecurity experts have found hints in the code, including comments in Chinese in the Android version and directory names in that language in the iOS version. This suggests that the attackers may be native Chinese speakers, although there is not enough evidence to attribute the campaign to a specific group.
Researchers have also noted that the malware primarily targets users in Europe, Asia and the United Arab Emirates, although it is believed that there could be victims in other parts of the world.
The rapid spread of SparkCat and its ability to remain undetected within legitimate applications demonstrate the need to stay alert to cyber threats. Digital security should be a priority for all users, especially those who handle online financial assets like cryptocurrencies. Share the news to alert other users about this threat.
