New Malware Targets Crypto Wallets in Popular Apps

Security researchers at Kaspersky have discovered that several applications on both the App Store and the Google Play Store carry a crypto-stealer malware. The malware is embedded in a malicious software development kit (SDK) and uses optical character recognition (OCR) to extract sensitive information, specifically cryptocurrency wallet recovery phrases, from screenshots stored on users’ smartphones. The incident is notable as the first detection of cryptocurrency-stealing malware on Apple’s App Store.

Details of the Malware Discovery

In a report released on Thursday, Kaspersky’s researchers identified at least 18 Android applications and 10 iOS applications that contained the malicious SparkCat SDK. The affected Android apps had been downloaded more than 242,000 times in total, indicating a wide potential impact. The infected applications varied in appearance: some appeared legitimate, while others were built to lure users with attractive features, particularly messaging apps enhanced with AI capabilities.

Kaspersky noted that some of the compromised Android applications were still available for download on the Play Store at the time of its report, which raises questions about the effectiveness of the stores’ existing security measures. The researchers have not yet determined whether the malware was introduced intentionally by the developers or whether it was the result of a supply chain attack. Neither Apple nor Google has issued a public statement about the presence of these malicious apps in their stores, leaving affected users uncertain.

How the Malware Operates

Once installed on a device, the infected applications use OCR to scan images saved on the smartphone and extract any text they contain, including the recovery phrases associated with cryptocurrency wallets. When the malware identifies a recovery phrase, it uploads the corresponding image to an Amazon cloud server and, at the same time, sends a notification to the attacker’s server alerting them to the compromised information.

This mode of operation poses a significant threat to users who unknowingly store sensitive information in easily accessible formats such as screenshots. Because the malware operates discreetly, users may not realize their information has been compromised until it is too late. The consequences are severe, especially for individuals who rely on cryptocurrency for transactions and investments.

Steps for Users to Protect Themselves

In light of this discovery, Kaspersky has urged users to take immediate action. Although Google and Apple have removed most of the identified malicious applications, users who have already downloaded them must uninstall the apps manually to mitigate the remaining risk. Kaspersky also recommends storing cryptocurrency wallet recovery phrases in a password manager or an application that offers encrypted note storage. This is significantly safer than keeping screenshots, which can be read by any malicious app that has been granted access to storage or the camera roll.

Users should also remain vigilant about the applications they install and the permissions they grant. Regularly reviewing app permissions and being cautious about installing apps from unknown developers can reduce the risk of falling victim to similar threats in the future. Taking these proactive measures helps users safeguard their sensitive information and protect themselves from financial loss.
