SparkCat Trojan steals personal data from Android and iOS

[lovesmayfamilis]

People often get used to trusting Apple gadgets, relying on their security. Recently, news appeared that applications appeared in the App Store that contain the SparkCat Trojan, which steals all data from the phone's photo gallery. Those who still save their passwords and seed phrases, taking screenshots, should worry about their funds. This Trojan was also found in Google Play, which suggests that no device should be trusted to save important data.

This malware is currently configured to steal crypto wallet data, but it could easily be repurposed to steal any other valuable information.

The worst part is that this malware has made its way into official app stores, with almost 250,000 downloads of infected apps from Google Play alone. Although malicious apps have been found in Google Play before, this marks the first time a stealer Trojan has been detected in the App Store.

https://www.kaspersky.co.uk/blog/ios-android-ocr-stealer-sparkcat/28661/

[Maslate]

This is quite alarming because they didn’t even specify which apps are infected. For all we know, some of the apps we’ve already downloaded could be compromised, and this Sparkcat Trojan might already be spying on our phones without us knowing.

Honestly, I feel like I could be a potential victim, especially since I used to screenshot my seed phrase from different online wallets.

Since no specific infected apps have been identified, I’m curious, what’s the best way to ensure our files and data are safe from this threat?

[Findingnemo]

Since no specific infected apps have been identified, I’m curious, what’s the best way to ensure our files and data are safe from this threat?

I read about this trojan and it looks much more complicated due to it's stealth nature potentially affecting any apps and the only way to remove is to uninstall the app even if it's installed from the official app store or google play and wait for the release that fix before installing the apps again. There are some identified bundles of the trojan and check whether it's present in your device.

Take my money: OCR crypto stealers in Google Play and App Store

[Maslate]

Since no specific infected apps have been identified, I’m curious, what’s the best way to ensure our files and data are safe from this threat?

I read about this trojan and it looks much more complicated due to it's stealth nature potentially affecting any apps and the only way to remove is to uninstall the app even if it's installed from the official app store or google play and wait for the release that fix before installing the apps again. There are some identified bundles of the trojan and check whether it's present in your device.

Take my money: OCR crypto stealers in Google Play and App Store

So this is actually happening in messaging apps, which makes sense since you can also upload pictures in these apps, just like on Facebook, for example.

But I’m pretty sure Facebook isn’t compromised. If our phones were compromised, it probably came not from another source, but from facebook, but they'll not do that as there's a lot at stake.  Personally, I don’t have a lot of messaging apps on my phone, and I’m very careful when installing apps, whether on my phone or computer especially since I store important wallet access information on both devices.

So I guess I’m safe here - for now.

[lovesmayfamilis]

This is quite alarming because they didn’t even specify which apps are infected. For all we know, some of the apps we’ve already downloaded could be compromised, and this Sparkcat Trojan might already be spying on our phones without us knowing.

Honestly, I feel like I could be a potential victim, especially since I used to screenshot my seed phrase from different online wallets.

Since no specific infected apps have been identified, I’m curious, what’s the best way to ensure our files and data are safe from this threat?

You can check all the apps that you have downloaded recently. The stealer has been active since March 2024 and was distributed only in a few regions. In addition, you should be more careful with all downloaded applications, as advised; follow the reviews and trust the millions of downloads, as this can be some guarantee of the legality of the application. Also, be careful with the applications that we trust to view our gallery. Sometimes we do not guess the intentions of this or that program that wants to know our contacts or view photos.

If you suspect that something may go wrong with your gadget, if you took screenshots, which is highly not recommended, maybe it's time to transfer your data to a safe medium that does not have access to the network.

[Russlenat]

They name some of the apps that might be use, in this other source.

https://www.theverge.com/news/606649/ios-iphone-app-store-malicious-apps-malware-crypto-password-screenshot-reader-found

Kaspersky says it can’t “confirm with certainty the infection was a result of a supply chain attack or deliberate action by the developers.” The company names two AI chat apps that seem to have been created for the campaign and appear to still be available on the App Store, called WeTink and AnyGPT. Additionally, Kaspersky found the malicious code in a legitimate-seeming food delivery app called ComeCome, which you can also still download.

So if you have any of those apps on the list, you should uninstall them immediately. It’s also a good idea to transfer your funds to a new wallet where the private key isn’t exposed on your phone. Better safe than sorry as you never know when they might strike, especially if you’re already being monitored.

[Amphenomenon]

Sometimes we do not guess the intentions of this or that program that wants to know our contacts or view photos.

The scary thing here is that even a legitimate app had it which was the Comecome food app. Also, I think it's important people become careful of the Ai chat apps they install on their devices because it seems like that was where the major target for this malware.

They name some of the apps that might be use, in this other source.

https://www.theverge.com/news/606649/ios-iphone-app-store-malicious-apps-malware-crypto-password-screenshot-reader-found

Kaspersky says it can’t “confirm with certainty the infection was a result of a supply chain attack or deliberate action by the developers.” The company names two AI chat apps that seem to have been created for the campaign and appear to still be available on the App Store, called WeTink and AnyGPT. Additionally, Kaspersky found the malicious code in a legitimate-seeming food delivery app called ComeCome, which you can also still download.

So if you have any of those apps on the list, you should uninstall them immediately. It’s also a good idea to transfer your funds to a new wallet where the private key isn’t exposed on your phone. Better safe than sorry as you never know when they might strike, especially if you’re already being monitored.

Op links also did provide some of the names also but here is a link to a more list of the apps on playstore and appstore https://securelist.com/sparkcat-stealer-in-app-store-and-google-play/115385/.
We need to be careful on every aspect including testing new apps while they might be legitimate like the come come food app, though I'm curious what such company will say about it, if they did it intentionally or were just a victim of the software developers they employed.

[Lucius]

~snip~
Honestly, I feel like I could be a potential victim, especially since I used to screenshot my seed phrase from different online wallets.
Since no specific infected apps have been identified, I’m curious, what’s the best way to ensure our files and data are safe from this threat?

No offense, but what you're doing not only doesn't make sense, but as you can see, it's also a big risk. Any storage of such sensitive digital information in a way that makes it vulnerable to remote attacks is irresponsible behavior.

As a consolation, I'm pretty sure you don't have any of those apps on your smartphone, because if you did, you would have noticed it by now, considering all your wallets would be emptied. My advice is to take a pen and paper, carefully write down each seed along with the information to which wallet it belongs, and when you have everything safe, delete all the images - although I don't know if this deletes the images that are automatically stored in the cloud (if you use Android and have that option turned on).

[promise444c5]

After all these years, people still save sensitive info as img

I don't know if this deletes the images that are automatically stored in the cloud (if you use Android and have that option turned on).

No for google cloud storage, it gets uploaded almost immediately after screenshot if there's an available internet connection so deleting it on the device requires deleting on cloud as well plus deleting it again in the trash again, not sure if google stores this information aswell for some time apart from the clod storage but it's totally bad getting it to a cloud storage in the  first palce. Google cloud storage can also be used on IOS btw just download and sync the google photos app

[Mrbluntzy]

I honestly dislike apple products, I can not spare my money to buy any of their product, the only time I see my self using their products is if someone gift it to me. The product is just overrated by people, meanwhile it has some lapses. I prefer to use Android devices and I am used to taking screenshot of username and passwords and some other private information, I didn't know it has other internal risk apart from the external risk of someone going through your gallery to find those information. I will have to extract those information to a safer place and delete the pictures.

[Nwada001]

The wallets, which allow users to take screenshots or their wallet phrase, are one step in helping their customers to make careless mistakes with their wallets even if they mean well by allowing those features.

The users who even take screenshots of their wallets are sharing the same risk as those who copy and save their phrase online because, aside from the device being a spy and files stolen by malware, anyone who has access to the phone can easily have access to those screenshots without the notice of the original owner of the phone.

I'm reckless with how I use my Android device because of the games I play with it, but my iOS has only a few apps that I use. I'm mindful of what I download on that phone; even with all these free VPNs and fancy wallpapers, I don't create room for them.

[Coyster]

Since no specific infected apps have been identified, I’m curious, what’s the best way to ensure our files and data are safe from this threat?

Since you say you usually take screenshots of your seed phrase, then you should move your assets to a new wallet, there is no way to know if your files and data is 100% safe from this. More often than not, people find out their device is infected with malware after their assets have been stolen, so it is much better to be proactive.

That being said, not only is keeping important info in your gallery bad, but also keeping all of your assets in a hot or online wallet, the only way you can be safe from attacks like this is if you are using an offline wallet.

[sokani]

I honestly dislike apple products, I can not spare my money to buy any of their product, the only time I see my self using their products is if someone gift it to me. The product is just overrated by people, meanwhile it has some lapses.

Is android phone any better? Whether you believe it or not Apple has more robust security than android. But it doesn't mean malicious applications cannot be deployed on the app store, which is exactly what OP is saying.

I prefer to use Android devices and I am used to taking screenshot of username and passwords and some other private information, I didn't know it has other internal risk apart from the external risk of someone going through your gallery to find those information. I will have to extract those information to a safer place and delete the pictures.

You can change to new passwords and use an open source password manager for storing your passwords. Also, If you've screenshots of your seed phrase on your phone, it's best to assume that it's already compromised. So create a new wallet and transfer your funds.

[Josefjix]

Honestly, I feel like I could be a potential victim, especially since I used to screenshot my seed phrase from different online wallets.

Since no specific infected apps have been identified, I’m curious, what’s the best way to ensure our files and data are safe from this threat?

Are you sure the screenshot was successful? Because no decentralized exchange app allows the ability to take screenshots of seed phrase, it's very embarrassing to see a reputation dex to allow users to take screenshots of their secret keys, nah, that can't happen at this critical era of crypto, its beyond this innovations nowadays.

The best way to safeguard your data is hand writing it on a paper is the accurate way for your safety.

[Lucius]

After all these years, people still save sensitive info as img

I don't know if this deletes the images that are automatically stored in the cloud (if you use Android and have that option turned on).

No for google cloud storage, it gets uploaded almost immediately after screenshot if there's an available internet connection so deleting it on the device requires deleting on cloud as well plus deleting it again in the trash again, not sure if google stores this information aswell for some time apart from the clod storage but it's totally bad getting it to a cloud storage in the  first palce. Google cloud storage can also be used on IOS btw just download and sync the google photos app

On the one hand, it's good to have a backup of photos and videos if you don't do them manually, and on the other hand, I'm not sure that they can ever be deleted from Google's servers, and that given the laws in the US, some of their security agencies have access to them. In any case, people should avoid taking pictures of confidential information, and if they do that for whatever reason, then turn off synchronization. That's one less risk if nothing else.

[lovesmayfamilis]

On the one hand, it's good to have a backup of photos and videos if you don't do them manually, and on the other hand, I'm not sure that they can ever be deleted from Google's servers, and that given the laws in the US, some of their security agencies have access to them. In any case, people should avoid taking pictures of confidential information, and if they do that for whatever reason, then turn off synchronization. That's one less risk if nothing else.

I also doubt that everything that has ever been put on the Internet or even photographed with a phone that has access to the Internet but has not been sent to the Internet will be scanned and saved somewhere on servers. I recently read an article that our iPhones are regularly monitored—and so regularly that you could say they are watching our every move. Therefore, I think it would be very naive to delude ourselves with the hope that by deleting a screenshot both on the phone and in the cloud, we will remain without a trace.

Very interesting article that shocks about how applications track us.
https://timsh.org/tracking-myself-down-through-in-app-ads/?utm_source=Securitylabru

[Lucius]

~snip~
Very interesting article that shocks about how applications track us.
https://timsh.org/tracking-myself-down-through-in-app-ads/?utm_source=Securitylabru

When one investigates this a little more closely, it seems quite disturbing - even though we all know that our computers and smartphones are essentially real spies, or as an old acquaintance of mine put it, "I don't want to have that spy box in my pocket" referring to a smartphone. Who would have thought that good old mobile phones without GPS and internet would be in high demand today - of course from those who are looking for privacy and just want to talk without all the other possibilities offered by today's technology.

One thing in the article caught my eye, but it really makes sense - because if they know such things about us, they can take maximum advantage of us at any time.

Like Uber dynamically adjusting taxi price based on your battery level - because you're not waiting for a cheaper option with 4% left while standing in the street. I can't know if that or another one is true.
But the fact that this data is available and accessible by advertisers suggests that they should at least think of using it.
I would.

[btcltcdigger]

I believe they are targeting crypto related apps, like those fake miners and wallets, or that kind of things in general.
If you're vigilant when downloading these, i'd say you're 99% safe.

[Coyster]

If you're vigilant when downloading these, i'd say you're 99% safe.

You cannot be vigilant when downloading applications, it is either you are downloading them or not, there is also no way to know the applications that have this trojan malware. If you keep your assets in a hot wallet, you are vulnerable to malwares like this, that is why it is advised to keep your assets offline in a hardware wallet and you keep only a small amount of money in your hot wallet.

[nakamura12]

This is quite alarming since some people do take screenshots of their seed phrase and honestly, I have done the same thing before which I did take screenshot of my seed phrase although I am not using it anymore since it's an eth wallet. It was during the time where many people are playing axie infinity and since I am no longer playing so it's most likely an abandoned wallet even though I still have the backup. So for others who also have the same should uninstall the app and transfer the funds to different wallet created on different device for safety purposes as the trojan might have taken the data already.