Kaspersky's Center for Cyber Security has found SparkCat, a malware family based on optical character recognition (OCR), in the App Store. SparkCat uses machine learning to scan the photo library and steal screenshots containing cryptocurrency wallet recovery phrases. SparkCat can also find and extract other sensitive data in images, such as passwords.
How the new malware spreads
The malware is hidden not only in legitimate applications that have been infected, but also in decoy applications such as messaging apps, AI assistants, food delivery apps and cryptocurrency-related apps.
Some of these apps could be downloaded from the official platforms, Google Play and the App Store. Kaspersky's telemetry also shows that malware-infected versions of the apps are distributed through unofficial sources. On Google Play, these apps have been downloaded more than 242,000 times.
Who does this malware target?
The malware mainly targets users in the UAE and in countries in Europe and Asia. Experts reached this conclusion from information about the regions in which the infected applications operate and from technical analysis of the malware.
Accordingly, SparkCat scans the photo library for keywords in many languages, including Chinese, Japanese, Korean, English, Czech, French, Italian, Polish and Portuguese. However, experts believe that victims may also come from other countries.
How SparkCat works
Once installed on the device, the malware requests access to the user's photo library so that it can view all images. It then uses an optical character recognition (OCR) module to analyze the text in the images. If the keywords it is looking for are found, SparkCat sends the image to the attackers.
The attackers' main goal is to find the recovery phrases of cryptocurrency wallets. With this information, they can take complete control of the victim's wallet and steal the funds. Besides stealing recovery phrases, the malware can also extract other personal information from screenshots, such as text messages and passwords.
To avoid becoming victims of this malware, Kaspersky cybersecurity experts recommend the following safety measures:
- If you have installed one of the malware-infected applications, delete it from the device immediately and do not use it again until an update that fixes the problem is available.
- Avoid storing screenshots containing sensitive information in the photo library, including cryptocurrency wallet recovery phrases. Passwords should be stored in a dedicated password manager.
- Use reliable security software to reduce the risk of malware infection.
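The article describes the malware's selection logic (OCR the library, look for recovery-phrase keywords, exfiltrate matching images) and then advises not to keep such screenshots at all. The following added example, which is not code from the article or from Kaspersky, turns that advice into a defender-side self-audit: given text already extracted from each image by whatever OCR tool you use, it flags images that look like they hold a recovery phrase or a password so the owner can delete them. The BIP39 word subset, the label list, the tolerance value and the sample "library" are all constructed for illustration; a real check would load the full 2048-word BIP39 list (and other language lists) from a file.

```python
"""Self-audit of OCR'd photo-library text for wallet recovery phrases and passwords.

Added example, not from the article. Input is {image_name: ocr_text};
output is the list of images worth deleting, with the reason for each.
"""
import re
from dataclasses import dataclass, field

# Constructed subset (the first 50 words) of the 2048-word BIP39 English list.
BIP39_SUBSET = frozenset("""
abandon ability able about above absent absorb abstract absurd abuse
access accident account accuse achieve acid acoustic acquire across act
action actor actress actual adapt add addict address adjust admit
adult advance advice aerobic affair afford afraid again age agent
agree ahead aim air airport aisle alarm album alcohol alert
""".split())

# Labels that typically accompany secrets in wallet and login screens.
# The article names the languages SparkCat searches; these strings are ours.
PHRASE_LABELS = (
    "recovery phrase", "seed phrase", "secret phrase", "mnemonic",
    "backup phrase", "助记词", "password", "passwd",
)

MNEMONIC_LENGTHS = (12, 15, 18, 21, 24)      # valid BIP39 phrase lengths
WORD_RE = re.compile(r"[a-z]{3,8}")           # BIP39 words are 3 to 8 letters


@dataclass
class Finding:
    image: str
    reasons: list = field(default_factory=list)


def looks_like_mnemonic(text, dictionary=BIP39_SUBSET, tolerance=0.85):
    """True if text contains a run of 12-24 words almost all in the dictionary.

    The tolerance (an assumed value) absorbs one or two OCR misreads, which is
    why a phrase with a garbled word is still caught.
    """
    words = WORD_RE.findall(text.lower())
    for length in MNEMONIC_LENGTHS:
        for start in range(0, len(words) - length + 1):
            window = words[start:start + length]
            hits = sum(w in dictionary for w in window)
            if hits / length >= tolerance:
                return True
    return False


def matched_labels(text):
    """Return the sensitive labels (case-insensitive) present in the text."""
    lowered = text.lower()
    return [label for label in PHRASE_LABELS if label in lowered]


def audit_library(library):
    """Flag images whose OCR text looks like a recovery phrase or a password."""
    findings = []
    for name, text in library.items():
        reasons = []
        if looks_like_mnemonic(text):
            reasons.append("mnemonic-like word sequence")
        labels = matched_labels(text)
        if labels:
            reasons.append("sensitive label: " + ", ".join(labels))
        if reasons:
            findings.append(Finding(name, reasons))
    return findings


# Constructed OCR output for four imaginary screenshots (not real data).
SAMPLE_LIBRARY = {
    "IMG_0001.png": "Lunch receipt total 12.40 thank you for visiting",
    "IMG_0002.png": ("Write down your recovery phrase\n"
                     "abandon ability able about above absent "
                     "absorb abstract absurd abuse access accident"),
    # one word misread by OCR ("addr3ss"); still 11 of 12 dictionary hits
    "IMG_0003.png": ("acquire across act action actor actress "
                     "actual adapt add addict addr3ss admit"),
    "IMG_0004.png": "Wifi password: hunter2",
}

if __name__ == "__main__":
    for finding in audit_library(SAMPLE_LIBRARY):
        print(f"{finding.image}: delete ({'; '.join(finding.reasons)})")
```

The structural check is what makes this useful beyond a keyword grep: a screenshot of a wallet backup screen rarely carries the words "recovery phrase" once it has been cropped, but the 12-word run of dictionary words survives. Conversely, plain English prose rarely reaches the hit rate, because BIP39 omits most function words and the regex drops one- and two-letter tokens.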