A new cybersecurity threat has emerged as Kaspersky Labs reported the discovery of crypto-stealing malware in app development kits for both Android and iOS platforms. The malware, named SparkCat, uses optical character recognition (OCR) technology to scan images on infected devices for crypto wallet recovery phrases. These phrases, once stolen, allow attackers to drain funds from the victim's wallet.
The Malware's Functionality
SparkCat is designed to scan images within a device's gallery for specific keywords related to crypto wallet recovery phrases. By leveraging OCR technology, it can extract sensitive information such as private keys, messages, and passwords that may be embedded in screenshots. Once the malware captures a recovery phrase, it grants attackers unauthorized access to the victim's crypto wallet, enabling them to steal funds without needing a password.
Targeted Platforms and Reach
The malware targets both Android and iOS devices, exploiting vulnerabilities in legitimate and counterfeit apps found in the Google Play Store and Apple App Store. The kits that contain SparkCat are difficult to detect, making them a significant threat to users. Kaspersky estimates that the malware has been downloaded over 240.000 times since its inception in March 2024. with a primary focus on Europe and Asia.
Method of Distribution
SparkCat is embedded in malicious software development kits (SDKs) used to create apps across different platforms. It uses a Java-based component on Android and an encrypted configuration file for updates. The malware is disguised as an analytics module, allowing it to go undetected by many traditional security measures. In addition to stealing recovery phrases, it also targets other personal data stored on users' devices.
Recommendations for Protection
Kaspersky experts strongly advise users to refrain from storing sensitive information, such as crypto wallet recovery phrases, in screenshots or image galleries. They recommend using password managers to securely store this data. Additionally, users are urged to remove any suspicious apps that may be infected with SparkCat.
Conclusion
The discovery of SparkCat underscores the growing threat of cyberattacks targeting cryptocurrency users through mobile apps. As the crypto industry expands, so too do the risks associated with digital assets. Users must remain vigilant and practice good cybersecurity hygiene to protect their financial information from evolving threats.



















