Mobile Malware attack used Store apps and OCR to steal cryptocurrency recovery codes
Quote: Malicious applications that are uploaded to Google's Play Store or Apple's App Store continue to be a problem for users worldwide. Google said that it blocked more than 2.3 million risky Android apps in 2024 alone.

Kaspersky security researchers have uncovered a recent malware attack. The goal of SparkCat, which is the name Kaspersky gave the malware, was to obtain cryptocurrency recovery codes.

The details:
  • Threat actors managed to upload apps to Google Play and App Store.
  • Apps were also distributed through unofficial channels.
  • The apps were embedded with a malicious SDK.
  • SparkCat has been active since at least April 2024.

Kaspersky says that infected apps on Google Play were downloaded more than 240,000 times by users. The malware would install an OCR plugin after launch to scan images on infected devices for recovery codes.

Good to know: Cryptocurrency recovery codes may be used to gain access to wallets. Discovered codes were sent to remote servers for processing.

Kaspersky mentions a few of the application names and how they were advertised on Google Play. The app ComeCome-Chinese Food Delivery showed professional-looking screenshots of the application. It was downloaded more than 10,000 times according to Kaspersky and was popular in Indonesia and the United Arab Emirates.

Another app mentioned by Kaspersky is ChatAI. It had more than 50,000 downloads on Google Play. The number of downloads from unofficial sources is unknown.
