Kaspersky researchers have detailed a cross‐platform malware campaign that targets cryptocurrency wallet recovery phrases through malicious mobile apps.
According to a recent report, the “SparkCat” campaign uses a malicious software development kit (SDK) embedded in modified messaging apps and other applications to scan users’ image galleries for sensitive recovery data. This technique was first observed in March 2023.
At the time, cybersecurity researchers observed malware features within messaging apps that scanned user galleries for crypto wallet recovery phrases, commonly known as mnemonics, and sent them to remote servers.
The initial campaign only affected Android and Windows users through unofficial app sources, the researchers said.
That limitation does not hold for SparkCat, which was discovered in late 2024. This new campaign employs an SDK framework integrated into various apps available on official and unofficial app marketplaces for Android and iOS devices.
In one instance, a food delivery app called “ComeCome” on Google Play was found to include the malicious SDK. The infected apps have been collectively installed more than 242,000 times, and similar malware was later identified in apps available on Apple’s App Store.
Author: Adrian Zmudzinski
