A troubling new malware campaign targeting mobile users by capturing data from screenshots to rob from their crypto wallets has emerged.
The new SparkCat malware discovered by the cyber security company Kaspersky has been discovered within apps on both the Google Play store and the Apple App Store.
Final hours to get this OnePlus 13 deal
OnePlus is currently offering £100 off on the 512GB model of its latest flagship phone, alongside an additional £50 added to the value of whichever phone you want to trade in to get it.
- OnePlus
- £100 off
- Now just £899
The malware users optical character recognition (OCR) to harvest the details by scanning users’ image galleries on the look out for the recovery keys associated with cryptocurrency accounts.
While this method has been known to be used by scammers on Android, the firm notes it’s the first time such an attack has penetrated Apple’s ecosystem. The iOS-based malicious code was based on similar tech that powered the Android tool.
“We found Android and iOS apps, some available in Google Play and the App Store, which were embedded with a malicious SDK/framework for stealing recovery phrases for crypto wallets,” Kaspersky wrote in a blog post revealing its findings.
“The infected apps in Google Play had been downloaded more than 242,000 times. This was the first time a stealer had been found in Apple’s App Store.”
The crafty malware looks works by using the app to send a request to read photo galleries. If helpful account details are found, they are sent back to the attackers, who can exploit them to steal.
It’s currently not clear how the malware made it into affected apps and whether anyone has lost money via the scheme, but Kaspersky says one such app, a Chinese food and grocery delivery app called ComeCome is still available to download.
A screenshot nightmare
If there was ever a reason to purge your screenshots library from your phone gallery, this is it. Those quick grabs we make to safeguard information belongs in a secure locker, rather than the gallery where we keep our photos.
While there’s no evidence of this malware actually costing people money at this point, it only takes one. I’d recommend taking a look at your screenshot library and deleting anything sensitive or relocating it.
