A newly discovered malware campaign is stealing cryptocurrency from iOS users by exploiting vulnerabilities in apps available on the App Store. Kaspersky researchers have discovered a malicious software development kit (SDK) called SparkCat hidden inside multiple apps on both iOS and Android. SparkCat is designed to steal cryptocurrency wallet recovery phrases using optical character recognition (OCR), allowing attackers to access and drain funds remotely.
Kaspersky has shared a list of MD5 hashes linked to the malicious SparkCat SDK, as well as BundleIDs for iOS apps. However, the company hasn't revealed the full list of infected apps, leaving users in the dark about whether they've installed one. While some, like ChatAi, have been identified, many remain unnamed, raising concerns that malware could still be lurking on users' devices. The infected apps on Google Play had over 242,000 downloads, and SparkCat appears to be the first documented instance of crypto-stealing malware slipping through Apple's App Store review process. It was initially found in a food delivery app called ComeCome, which was available in the UAE and Indonesia.
Researchers determined the malware has been active since at least March 2024, scanning users' photo galleries for wallet recovery phrases and secretly uploading them to an attacker-controlled command-and-control (C2) server. Unlike past malware that primarily spread through unofficial sources, SparkCat managed to slip into legitimate app stores, making it a more serious threat. It also communicates with attackers using a custom protocol built in Rust, an uncommon programming language for mobile apps.
Some of the infected apps seemed legitimate, like food delivery and AI-powered messaging apps, while others were likely created to bait users. While Apple and Google have removed most affected apps, security researchers warn that some may still be available through sideloading or third-party sources. Anyone who downloaded these apps should delete them immediately and check their crypto wallets for any signs of unauthorized access.
Like SparkCat, some malware strains also use OCR to extract text from images. Storing a recovery phrase as a screenshot or photo makes it an easy target for automated scanning tools used by attackers. Check your installed apps regularly and delete anything that looks unfamiliar or unnecessary. Using a reputable mobile security app can help catch potential threats before they become a problem. And if you think your wallet might be compromised, transfer your funds to a new one with a fresh recovery phrase, but only after making sure your device is clean.
That means deleting any suspicious apps, especially those flagged in security reports. It's also a good idea to reset app permissions and clear cached data to remove any lingering threats. Before restoring from a backup, ensure it doesn't include any infected apps, as reintroducing malware is a common risk. After resetting, only reinstall essential apps from trusted sources to minimize risk.