SparkCat Malware Targets Crypto Users via App Stores
Severity: High (Score: 66.5)
Sources: Cryptonews, Scworld
Summary
The SparkCat malware has resurfaced on the Apple App Store and Google Play Store, targeting cryptocurrency users. This Trojan malware, first identified in February 2025, conceals itself within benign applications, including enterprise messengers and food delivery services. It employs optical character recognition (OCR) to scan photo galleries for cryptocurrency wallet recovery phrases. The malware's iOS variant targets English phrases, while the Android version scans for keywords in Japanese, Korean, and Chinese. Cybersecurity firm Kaspersky has reported its ongoing presence, indicating that the same developers are likely behind the new variant. Users in Asia are particularly affected by this evolving threat. Researchers recommend avoiding storing sensitive information in photo galleries and exercising caution with app permissions. The malware's ability to bypass security reviews poses a significant risk to users' cryptocurrency assets.
Key Points:
• SparkCat malware targets cryptocurrency wallet recovery phrases from photo galleries.
• The malware is found in benign apps on both iOS and Android platforms.
• Users in Asia are primarily affected, with advanced obfuscation techniques employed.