Apple and Google pulled as many as 20 apps from their respective app stores after security researchers discovered that the apps had carried data-stealing malware for almost a year.
A security researcher at Kaspersky said the malware, called SparkCat, has been active since March 2024. Initially, researchers found malicious frameworks within food delivery apps used in the United Arab Emirates and Indonesia, but later found the malware in 19 other unrelated apps. They say it was cumulatively downloaded over 242,000 times from Google’s Play Store.
Using code designed to capture text displayed on a user’s screen, a technique known as optical character recognition (OCR), the malware scans the image gallery on the victim’s device for keywords in order to find recovery phrases for cryptocurrency wallets across a variety of languages, including English, Chinese, Japanese and Korean, researchers say.
By using malware to capture the victim’s recovery phrase, the attacker can take full control of the victim’s wallet and steal funds, researchers have found.
The malware could allow personal information, such as messages and passwords, to be extracted from screenshots, researchers said.
After receiving the report from the researchers, Apple pulled the compromised apps from the App Store last week, followed by Google.
“All identified apps have been removed from Google Play and developers are prohibited,” Google spokesperson Ed Fernandez told TechCrunch.
A Google spokesman also confirmed that Android users are protected from known versions of this malware through the built-in Google Play Protect security feature.
Apple did not respond to requests for comment.
Kaspersky spokesperson Rosemarie Gonzales told TechCrunch that although the reported apps were pulled from the official app stores, the company’s telemetry data suggests that the malware is also available from other websites and unofficial app stores.