Apple and Google remove dangerous SparkCat malware apps from stores

Apple and Google have recently taken urgent action to remove a total of 20 apps from their respective app stores after security researchers uncovered serious vulnerabilities associated with these applications. Known as SparkCat, the malware has been active since March 2024, primarily targeting users in the United Arab Emirates and Indonesia. The malicious code was initially discovered in a food delivery app, but it has since spread to 19 other unrelated applications, collectively downloaded over 242,000 times from Google Play alone.

The identified vulnerabilities are alarming. Security researchers from Kaspersky reported that the SparkCat malware employs optical character recognition (OCR) technology to extract text visible on a device’s display. By scanning through image galleries, the malware intelligently searches for keywords linked to recovery phrases for cryptocurrency wallets. This multifaceted approach means that the malware can operate across various languages, including English, Chinese, Japanese, and Korean, making it a global threat.

The consequences of this malware are severe: by securing a victim’s recovery phrases, attackers could gain full access to their cryptocurrency wallets and subsequently steal funds. Furthermore, the malware is not limited to financial stealing; it can also extract sensitive personal information from screenshots, which may contain passwords or private messages.

Following the comprehensive report from Kaspersky, Apple took immediate steps to remove the compromised apps from its App Store. Google quickly followed suit. Ed Fernandez, a spokesperson for Google, stated that “All of the identified apps have been removed from Google Play, and the developers have been banned.” He also reassured Android users that they were protected against known versions of SparkCat due to the built-in Google Play Protect security feature.

While these actions by Apple and Google are crucial, the fight against this malware seems far from over. Rosemarie Gonzales, a spokesperson for Kaspersky, emphasized that even though the apps were removed from authorized stores, there are indications that SparkCat malware might still be accessible from unofficial websites and third-party app stores, rendering ongoing vigilance essential for mobile users in protecting their data.