Apple and Google have removed as many as 20 applications from their app stores after security experts discovered that these apps contained data-stealing malware for nearly a year.
According to security experts at Kaspersky, the malware, referred to as SparkCat, has been operational since March 2024. The researchers initially identified the harmful framework within a food delivery application utilized in the United Arab Emirates and Indonesia, later detecting the malware across 19 other unrelated applications, which collectively amassed over 242,000 downloads from Google’s Play Store.
Utilizing code designed to capture text displayed on screens—known as optical character recognition (OCR)—the malware was able to scan the image galleries of affected devices for keywords to detect recovery phrases for cryptocurrency wallets in various languages, including English, Chinese, Japanese, and Korean.
By leveraging the malware to glean a victim’s recovery phrases, attackers could entirely commandeer a victim’s wallet and misappropriate their funds, as per the findings of the researchers.
Additionally, the malware could facilitate the extraction of personal data from screenshots, such as messages and passwords, according to the researchers.
Following the report from the researchers, Apple removed the infected applications from the App Store last week, with Google soon to follow.
“All identified applications have been eliminated from Google Play, and the associated developers have been banned,” stated Google spokesperson Ed Fernandez to TechCrunch.
The spokesperson for Google also affirmed that Android users were shielded from known variants of this malware due to the built-in Google Play Protect security feature.
Apple did not provide a comment when approached for a response.
Kaspersky representative Rosemarie Gonzales conveyed to TechCrunch that despite the removal of these applications from official app stores, their telemetry data indicated that the malware was still accessible through other websites and unofficial app stores.
Compiled by Techarena.au.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
