Following the discovery by security researchers that the apps were harboring data-stealing malware for nearly a year, Apple and Google removed up to 20 apps from their respective app stores.
The malware, known as SparkCat, has been active since March 2024, according to security researchers at Kaspersky. The researchers first discovered the malicious framework in a food delivery app used in Indonesia and the United Arab Emirates. They later found the malware in 19 other, unrelated apps that, according to the researchers, had been downloaded more than 242,000 times in total through the Google Play Store.
The researchers found that the malware used optical character recognition (OCR) code, designed to read text visible on the user’s display, to scan the image galleries on victims’ devices for keywords in several languages, including English, Chinese, Japanese, and Korean, in order to locate recovery phrases for cryptocurrency wallets.
By using the malware to capture a victim’s recovery phrases, attackers could take full control of the victim’s wallet and steal their funds, the researchers found. The malware could also extract other personal information from screenshots, including messages and passwords.
Apple removed the infected apps from the App Store last week after receiving the researchers’ report, and Google did the same.
Google spokesperson Ed Fernandez told TechCrunch that “all of the identified apps have been removed from Google Play and the developers have been banned.”
Google Play Protect, Android’s built-in security mechanism, protected users from known versions of this malware, according to a Google representative.
Apple did not respond to requests for comment.
Rosemarie Gonzales, a representative for Kaspersky, told TechCrunch that although the reported apps were removed from the official app stores, the company’s telemetry data indicated that the malware may also have been available through other websites and unofficial app stores.
SOURCE: TechCrunch