SparkCat Malware Poses Major Threat to Crypto Wallets on Android and iOS
SparkCat Malware has emerged as a significant threat to cryptocurrency users, targeting both Android and iOS devices. Kaspersky has recently issued a warning about this newly discovered malware, which infiltrates popular mobile apps and steals private keys from cryptocurrency wallets. Shockingly, SparkCat has been downloaded over 200,000 times, putting numerous users at risk of losing their digital assets.
The malware spreads through malicious software development kits (SDKs) embedded in seemingly harmless applications. Cybersecurity experts have noted that SparkCat Malware utilizes Optical Character Recognition (OCR) technology to scan victims’ photo galleries for crypto wallet recovery phrases hidden in screenshots or saved notes. This highly sophisticated method marks the first known instance of an OCR-based stealer affecting Apple’s platform.
How Does SparkCat Malware Work?
On Android devices, SparkCat is injected via a Java-based SDK called Spark, which masquerades as an analytics module. When an infected app is launched, the malware retrieves an encrypted configuration file from a remote GitLab repository. Once activated, SparkCat leverages Google ML Kit’s OCR tool to scan the device’s image gallery for keywords related to cryptocurrency recovery phrases in multiple languages, including English, Chinese, Korean, and Japanese.
After identifying sensitive information, the malware uploads the images to an attacker-controlled server using encrypted data transfers via Amazon cloud storage or a Rust-based protocol. This sophisticated approach complicates tracking efforts, making it difficult for cybersecurity professionals to detect its origins and stop its activities.
On iOS, SparkCat operates through a malicious framework hidden in infected apps, disguised under names such as GZIP, googleappsdk, or stat. The malware, written in Objective-C and obfuscated with HikariLLVM, integrates with Google ML Kit to extract text from images. Unlike the Android version, the iOS version requests gallery access only when users perform specific actions, such as opening a support chat, to avoid detection.
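A defender-side triage check for the iOS indicators named above, as an added example that is not part of the original article or Kaspersky's report: it lists the frameworks embedded in an IPA archive, matches them against the three names given here, and notes whether the app declares photo-library access through the `NSPhotoLibraryUsageDescription` key. The sample bundle (`Demo.app`, `com.example.demo`) is constructed, and a name match is only a prompt for manual review, since names such as GZIP or stat may also occur in legitimate apps.

```python
import io
import plistlib
import re
import zipfile

# Framework names reported in the article; matching is case-insensitive.
SUSPECT_NAMES = {"gzip", "googleappsdk", "stat"}
# Standard IPA layout: Payload/<App>.app/Frameworks/<Name>.framework/...
FRAMEWORK_RE = re.compile(r"^Payload/[^/]+\.app/Frameworks/([^/]+)\.framework/")
INFO_PLIST_RE = re.compile(r"^Payload/[^/]+\.app/Info\.plist$")


def triage_ipa(ipa_bytes):
    """Return framework-name hits and whether the app declares photo access."""
    hits, wants_photos = set(), False
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            m = FRAMEWORK_RE.match(name)
            if m and m.group(1).lower() in SUSPECT_NAMES:
                hits.add(m.group(1))
            elif INFO_PLIST_RE.match(name):
                # Only the app's top-level Info.plist matches this pattern.
                info = plistlib.loads(ipa.read(name))
                wants_photos = "NSPhotoLibraryUsageDescription" in info
    # Flag for manual review only when both signals are present.
    return {"frameworks": sorted(hits), "photo_access": wants_photos,
            "review": bool(hits) and wants_photos}


def build_sample_ipa(frameworks, photo_access):
    """Constructed sample bundle (hypothetical app) so the check runs offline."""
    info = {"CFBundleIdentifier": "com.example.demo"}
    if photo_access:
        info["NSPhotoLibraryUsageDescription"] = "Attach images to support chat"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", plistlib.dumps(info))
        for fw in frameworks:
            z.writestr(f"Payload/Demo.app/Frameworks/{fw}.framework/{fw}", b"")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_ipa(build_sample_ipa(["GZIP", "Alamofire"], True)))
    print(triage_ipa(build_sample_ipa(["Alamofire"], True)))
```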
The Growing Threat of Crypto Malware
According to Kaspersky, SparkCat Malware has already infected over 242,000 devices across Europe and Asia. Although the exact origins remain unknown, embedded code comments and error messages suggest that the developers are fluent in Chinese. This alarming revelation underscores the increasing sophistication of cybercriminals targeting crypto assets.
Experts strongly advise users against storing sensitive information like seed phrases, private keys, or passwords in screenshots or notes. Instead, they recommend using secure password managers or hardware wallets to safeguard digital assets. The rapid evolution of malware campaigns highlights the ongoing risks within the crypto industry.
Previous Crypto Malware Attacks
SparkCat is not the first malware to breach Google's and Apple's store security measures. In September 2024, Binance flagged the Clipper malware, which infected devices through unofficial mobile apps and plugins. This malware replaced copied wallet addresses with those controlled by attackers, leading to significant financial losses for unsuspecting users.
Private key theft remains one of the biggest security threats in the cryptocurrency space. It has contributed to major financial losses within the industry, making it imperative for users to implement strict security measures. Staying informed about emerging threats like SparkCat Malware is crucial for safeguarding digital assets and preventing cyber theft.
How to Protect Yourself from SparkCat Malware
- Avoid downloading apps from untrusted sources.
- Refrain from storing private keys, seed phrases, or passwords in screenshots or notes.
- Regularly update device security settings and enable two-factor authentication.
- Use hardware wallets or secure password managers for crypto storage.
- Monitor device permissions and revoke access to unnecessary app features.
As cybercriminals continue developing advanced malware like SparkCat, users must remain vigilant and prioritize cybersecurity to prevent financial losses. Keeping up with the latest cybersecurity alerts and following best practices can help protect valuable crypto assets from malicious attacks.