A naukri.com initiative
Securelist
1M
256
Image Credit: Securelist
Take my money: OCR crypto stealers in Google Play and App Store
- Google Play and the App Store were infiltrated with malware apps that stole crypto wallet phrases from over 242,000 downloads done by unaware users. This is the first time a stealer had been found in Apple’s App Store.
- A team of researchers from ESET discovered the malware implants in various messaging app mods, with some scanning users’ image galleries to search for crypto wallet access recovery phrases.
- The malware stretched across both Android and Windows devices, with the scam spreading through unofficial sources.
- The “SparkCat” malware campaign was discovered in late 2024 using functions very similar to the messaging app mods for stealing recovery phrases for crypto wallets through apps within the official App Store and Google Play.
- A food delivery app in the UAE and Indonesia, named “ComeCome,” was particularly suspect during the investigation, with the malware module literally named “Spark”.
- The campaign targeted in particular, crypto wallet recovery phrases, which have the power to provide full control over an individual’s wallet to steal funds.
- The malware is also flexible enough to steal other sensitive data from image galleries, such as passwords.
- The attackers have not yet been identified, and the malware apps were found in various languages hidden in the official app marketplaces, giving the false impression that permissions requested were necessary for the apps to operate correctly.
- The ESET investigation exposes how easy it is for malware to hide inside otherwise legitimate-looking applications and the importance of running a robust security product on all devices.
- Users are reminded to avoid storing screenshots with sensitive information in the gallery and to store sensitive information in special apps.
Read Full Article
15 Likes
For uninterrupted reading, download the app