Kaspersky Lab researchers have discovered a malicious software development kit (SDK)/framework embedded in a number of apps available on the Google Play Store and Apple App Store. Its purpose is to use optical character recognition (OCR) plugins to steal recovery phrases for cryptocurrency wallets.
The compromised apps were downloaded more than 242,000 times from the Google Play Store, but this is the first time they have been discovered in the Apple App Store, according to the Kaspersky experts. The researchers have named the malware “SparkCat” and assert that it has been operational since March 2024.

“Using the Google ML Kit library as a basis, the Android malware module encrypted and started an OCR plugin that recognized text in pictures in the gallery of devices. The Trojan transmitted photos to the command server using keywords it had obtained from the C2 (Command and Control communications channel), which hackers use to take control of a device remotely.” According to the Kaspersky Lab research, the iOS malware module was similarly developed and made use of the Google ML Kit library for OCR. The ML Kit interface is also utilized by the iOS virus.
Researchers at Kaspersky advise against using any infected apps you may have installed and recommend uninstalling them “until a patch is released that removes the malicious functionality.” Additionally, they warn against keeping screenshots that include private information, such as “recovery phrases for access to cryptocurrency wallets,” in the device gallery.
“Special applications can be used to store sensitive data, including passwords and private documents,” the researchers from Kaspersky Lab said. Furthermore, it is recommended that you invest in a “reliable security solution on all your devices.”
By: Next Tech Plus