DMR News

SparkCat Malware Prompts Apple and Google to Remove 20 Apps

By Yasmeeta Oon

Feb 13, 2025

Security researchers at Kaspersky have uncovered a sophisticated malware framework known as SparkCat, which has been active since March 2024. This malicious software infiltrated a food delivery app used in the United Arab Emirates and Indonesia, before spreading to 19 other unrelated applications. As a result, Apple and Google have pulled as many as 20 apps from their respective app stores to protect users from this growing threat.

Malware Uses OCR Technology to Capture Sensitive User Data

The compromised apps, which were cumulatively downloaded more than 242,000 times through Google’s Play Store, utilized advanced techniques to threaten user privacy. The malware employed optical character recognition (OCR) technology to capture text visible on users’ displays and to scan image galleries for keywords linked to cryptocurrency wallet recovery phrases. Its multilingual capabilities allowed it to target a diverse range of users, supporting languages such as English, Chinese, Japanese, and Korean.

Google has assured users that its in-built Google Play Protect security feature shields Android users from known versions of this malware. Google spokesperson Ed Fernandez confirmed:

“All of the identified apps have been removed from Google Play, and the developers have been banned.”

Despite Google’s proactive measures, Kaspersky’s telemetry data suggests that SparkCat was also distributed through other websites and non-official app stores. This highlights a potential risk for users who download applications from sources outside the official app marketplaces.

The discovery of SparkCat’s presence in a widely used food delivery app underscores the malware’s reach and the potential impact on unsuspecting users. Notably, Apple has not responded to requests for comment regarding the removal of affected apps from its App Store.

The malware remained undetected for almost a year before Kaspersky’s researchers identified its presence. The compromised apps were swiftly removed from both the App Store and Google Play Store last week upon discovery.

What The Author Thinks

The discovery of the SparkCat malware framework highlights the ever-evolving nature of cybersecurity threats and the ongoing challenge for both app stores and users to stay vigilant. While Apple and Google have taken swift action in removing the affected apps, the fact that this malware went undetected for nearly a year serves as a stark reminder of the risks associated with downloading apps from non-official sources. As malware becomes more sophisticated, it’s crucial for users to prioritize security and for app stores to continue improving their monitoring systems to protect privacy and sensitive data.

