Apple and Google have pulled as many as 20 apps from their respective app shops after safety researchers discovered the apps have been carrying data-stealing malware for nearly a yr.
Safety researchers at Kaspersky stated the malware, dubbed SparkCat, has been lively since March 2024. Initially, the researchers discovered the malicious framework inside a meals supply app used within the United Arab Emirates and Indonesia however later discovered the malware on 19 different, unrelated apps, which they are saying have been cumulatively downloaded greater than 242,000 instances by Google’s Play Retailer.
Utilizing code that’s designed to seize textual content seen on the consumer’s show — often called optical character recognition (OCR) — researchers discovered the malware scanned the picture galleries on victims’ units for key phrases to search out restoration phrases for cryptocurrency wallets throughout numerous languages, together with English, Chinese language, Japanese, and Korean.
Through the use of the malware to seize a sufferer’s restoration phrases, attackers may acquire full management over a sufferer’s pockets and steal their funds, the researchers discovered.
The malware may additionally allow the extraction of private info from screenshots, reminiscent of messages and passwords, the researchers stated.
Upon receiving the report from the researchers, Apple pulled the compromised apps from the App Retailer final week, adopted by Google.
“All the recognized apps have been faraway from Google Play, and the builders have been banned,” Google spokesperson Ed Fernandez advised TechCrunch.
Google’s spokesperson additionally confirmed that Android customers have been shielded from recognized variations of this malware by the in-built Google Play Shield safety characteristic.
Apple didn’t reply to requests for remark.
Kaspersky spokesperson Rosemarie Gonzales advised TechCrunch that whereas the reported apps have been pulled from the official app shops, the corporate’s telemetry knowledge advised that the malware was additionally obtainable from different web sites and non-official app shops.
