Apple and Google have removed 20 apps from their respective app stores after security researchers uncovered a data-stealing malware that had been active for almost a year. Cybersecurity experts at Kaspersky discovered that the malware, dubbed SparkCat, had been operational since March 2024 and was initially found in a food delivery app used in the United Arab Emirates and Indonesia. Further analysis revealed that the malware had spread to 19 other unrelated apps, amassing over 242,000 downloads from the Google Play Store alone.
How SparkCat Malware Operates
The SparkCat malware utilizes optical character recognition (OCR) to scan users’ image galleries for sensitive text. Specifically, it searches for recovery phrases associated with cryptocurrency wallets across multiple languages, including English, Chinese, Japanese, and Korean. By obtaining these recovery phrases, attackers can gain full control over a victim’s crypto wallet and steal their funds. The malware is also capable of extracting personal data from screenshots, including messages, passwords, and other sensitive information.
Apple and Google’s Response
Upon receiving Kaspersky’s report, Apple removed the compromised apps from its App Store last week, while Google followed suit soon after. Google spokesperson Ed Fernandez confirmed that:
- All identified apps have been removed from the Play Store.
- Developers responsible for the malware have been banned from the platform.
- Android users are protected from known versions of this malware through Google Play Protect.
Apple has not yet provided an official response to the findings.
Malware Still Available Outside Official App Stores
While the infected apps are no longer available on Google Play and the App Store, Kaspersky warns that SparkCat malware is still being distributed through non-official sources. Kaspersky spokesperson Rosemarie Gonzales stated that telemetry data suggests the malware can still be found on third-party websites and unofficial app stores. This highlights the ongoing risk for users who download apps from unverified sources.
How to Protect Yourself from Mobile Malware
- Download Apps Only from Official Stores – Avoid third-party app stores, as they often lack stringent security checks.
- Enable Google Play Protect – This built-in security feature helps detect and remove malicious apps on Android.
- Be Cautious with Permissions – Apps requesting unnecessary access to your gallery, messages, or storage may be suspicious.
- Use Strong Security Measures – Enable two-factor authentication (2FA) and store cryptocurrency recovery phrases securely offline.
- Keep Your Devices Updated – Regular software updates help patch security vulnerabilities.
According to TechCrunch, the discovery of SparkCat malware highlights the growing threats targeting crypto investors and mobile users. While Apple and Google have acted swiftly to remove the infected apps, the presence of the malware outside official stores remains a major concern. Users should exercise caution, rely on official app marketplaces, and implement strong security practices to safeguard their personal data and digital assets.
