
SparkCat crypto stealer in Google Play and App Store

Published 06/02/2025 17:06 · Modified 06/02/2025 22:54


Essential information

Tags
2025-02-06, android, app store, crypto-stealer, google play, ios, ml kit, ocr, rust, sparkcat
Related entities
9 observables, 14 techniques (mitre), 1 malware, 5 others

Description

A new malware campaign dubbed 'SparkCat' has been discovered targeting Android and iOS users through both official and unofficial app stores. The malware, embedded in various apps, uses OCR technology to scan users' image galleries for crypto wallet recovery phrases. Infected apps on Google Play had over 242,000 downloads. This marks the first occurrence of such a stealer in Apple's App Store. The malware utilizes Google's ML Kit for OCR and communicates with C2 servers using a custom Rust-based protocol. Active since March 2024, SparkCat affects users in Europe and Asia, targeting multiple languages. The campaign highlights the vulnerability of both Android and iOS platforms to sophisticated malware threats.

External references