Kaspersky has revealed a significant malware campaign named SparkCat. This malware secretly scanned users’ phone galleries for crypto recovery phrases hidden in screenshots. It was found in food delivery and AI chat apps, affecting around 242,000 users before being removed from app stores.

Unlike typical scams that promise financial gain, SparkCat operated quietly, and that secrecy makes its financial impact hard to measure. Kaspersky, a respected cybersecurity firm, noted that the malware had been active on Google Play and the App Store since March 2024. It used machine learning to search images for sensitive information, like crypto wallet recovery phrases and passwords.

The malware was disguised within seemingly harmless applications, which gave attackers access to users’ photo galleries. The main aim was to extract private recovery keys without drawing attention. Kaspersky has not disclosed how much money or cryptocurrency was stolen, but it highlighted the sophistication of this attack.

The operation primarily targeted users in Europe and Asia. Researchers believe the attackers may be of Chinese origin, based on the language found in the malware’s source code.

Although the affected apps have been taken down, this discovery is important because crypto-related malware attacks had been decreasing. In contrast, scams on social media involving meme coins have become more prevalent, often using aggressive tactics to deceive investors.

SparkCat’s method was different, focusing on stealth rather than trickery. Its ability to bypass various security measures raises concerns about the potential for similar attacks in the future.