Apple and Google have removed up to 20 apps from their app stores after security researchers discovered they contained malware that had been stealing data for nearly a year.
According to security experts at Kaspersky, the malware, called SparkCat, has been active since March 2024. Researchers first discovered it in a food delivery app used in the UAE and Indonesia, and later found 19 other apps infected with the same malware.
The total number of infected app downloads on Google Play is estimated to be more than 242,000.
SparkCat malware uses optical character recognition technology to scan content displayed on a user’s screen. Researchers found that the malware searches the victim’s photo library for keywords related to the phrase “recovery wallet” in multiple languages, including English, Chinese, Japanese, and Korean.
If an attacker obtains the recovery phrase, they can take full control of the victim's cryptocurrency wallet and steal the assets inside. The malware is also capable of extracting personal information from screenshots, including messages and passwords.
After receiving reports from researchers, Apple removed the affected apps from the App Store last week, and Google followed suit.
Ed Fernandez, a Google spokesperson, confirmed that all detected applications have been removed from Google Play and that the related developers have also been banned.
He also stressed that Android users are protected against known malware versions through the built-in security feature Google Play Protect.
As for Apple, the company has not commented on the incident.
Meanwhile, Ms. Rosemarie Gonzales, a Kaspersky representative, said that although the applications were removed from the official app stores, the company's data showed that the malware could still be spread through other websites and unofficial application stores.