Apple and Google have pulled as many as 20 apps from their respective app stores after security researchers discovered the apps had been carrying data-stealing malware for nearly a year.
Security researchers at Kaspersky said the malware, dubbed SparkCat, has been active since March 2024. Initially, the researchers found the malicious framework inside a food delivery app used in the United Arab Emirates and Indonesia, but later found the malware in 19 other, unrelated apps, which they say had been cumulatively downloaded more than 242,000 times through Google’s Play Store.
Using code designed to capture text visible on the user’s display, a technique known as optical character recognition (OCR), the malware scanned the image galleries on victims’ devices for keywords in order to find recovery phrases for cryptocurrency wallets in various languages, including English, Chinese, Japanese, and Korean, the researchers found.
By using the malware to capture a victim’s recovery phrases, attackers could gain full control over the victim’s wallet and steal their funds, the researchers found.
The malware could also enable the extraction of personal information from screenshots, such as messages and passwords, the researchers said.
Upon receiving the report from the researchers, Apple pulled the compromised apps from the App Store last week, followed by Google.
“All of the identified apps have been removed from Google Play, and the developers have been banned,” Google spokesperson Ed Fernandez told information.killnetswitch.
Google’s spokesperson also confirmed that Android users were protected from known versions of this malware through the built-in Google Play Protect security feature.
Apple did not respond to requests for comment.
Kaspersky spokesperson Rosemarie Gonzales told information.killnetswitch that while the reported apps had been pulled from the official app stores, the company’s telemetry data suggested that the malware was also available from other websites and non-official app stores.