Cybersecurity researchers have discovered a new version of SparkCat malware infiltrating both Apple App Store and Google Play Store, more than a year after the trojan was first identified. The sophisticated malware conceals itself within seemingly legitimate applications including enterprise messengers and food delivery services while silently scanning victims' photo galleries for cryptocurrency wallet recovery phrases.
Kaspersky identified two infected apps on the App Store and one on Google Play Store that primarily target cryptocurrency users in Asia. The iOS variant takes a broader approach by scanning for cryptocurrency wallet mnemonic phrases in English, potentially affecting users globally regardless of their region. The malware operates covertly, avoiding detection while searching for valuable seed phrases that could provide access to cryptocurrency wallets.
This represents a significant evolution in mobile cryptocurrency threats, with attackers increasingly targeting the human element of crypto security rather than technical vulnerabilities. The malware's presence on official app stores highlights the ongoing challenges in detecting sophisticated threats that masquerade as legitimate applications. Security experts recommend users carefully review app permissions and avoid storing recovery phrases in photo galleries or other easily accessible digital formats.
