SparkCat crypto stealer in Google Play and App Store

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY :

A new malware campaign dubbed 'SparkCat' has been discovered targeting Android and iOS users through both official and unofficial app stores. The malware, embedded in various apps, uses OCR technology to scan users' image galleries for crypto wallet recovery phrases. Infected Android apps on Google Play had over 242,000 downloads. This marks the first occurrence of such a stealer in Apple's App Store. The malware utilizes Google's ML Kit for OCR and communicates with C2 servers using a custom Rust-based protocol. Active since March 2024, SparkCat affects users in Europe and Asia, targeting multiple languages. The campaign highlights the vulnerability of both Android and iOS platforms to sophisticated malware threats.

OPENCTI LABELS :

android,rust,ios,google play,ocr,sparkcat,crypto stealer,ml kit,app store

