Cybersecurity firm Kaspersky Labs has discovered malicious software development kits that infect Android and iOS apps, enabling them to scan users' images for cryptocurrency wallet recovery phrases. This malware, named SparkCat, utilizes optical character recognition (OCR) to target specific keywords and can pilfer not only recovery phrases but also other personal data such as passwords found in screenshots. Active since at least March 2024, SparkCat has reportedly been downloaded around 242,000 times, predominantly targeting users in Europe and Asia. The malware is suspected to be embedded in various apps, both legitimate and fake. Kaspersky highlights the need for users to refrain from storing sensitive information in screenshots and to utilize password managers instead. While the exact origin of the malware remains unclear, some traces point to a campaign identified by ESET researchers in March 2023, with potential coding links to a Chinese-speaking developer. Google and Apple have yet to respond to inquiries regarding this issue.

Source 🔗