Kaspersky Detects Resurgence of "SparkCat" Spyware on App Store and Google Play Targeting Crypto Wallets
Cybersecurity firm Kaspersky has uncovered a sophisticated new variant of the "SparkCat" Trojan infiltrating official mobile app stores. One year after its initial discovery, the malware has re-emerged within seemingly legitimate business messaging and food delivery applications. Unlike traditional spyware, the updated SparkCat utilizes advanced Optical Character Recognition (OCR) technology to scan a user's photo gallery for seed phrases and recovery keys linked to cryptocurrency wallets.
Kaspersky researchers identified infected apps on both the App Store and Google Play, noting that the attackers are also using fraudulent web pages mimicking the iOS App Store to deceive iPhone users. While the Android version employs rare "virtualization obfuscation" to bypass security filters, the iOS variant targets English-language mnemonic phrases, significantly widening its global reach beyond its primary Asian target base. Kaspersky has notified Apple and Google, leading to the removal of the malicious code, but warns that the high level of technical sophistication suggests a persistent and professional threat actor.


