1. Forum
  2. FidoNET
  3. CONSPRCY

  • Screen reading malware fo

    From Mike Powell@1:2320/105 to All on Friday, February 07, 2025 11:02:00
    Screen reading malware found in iOS app stores for first time - and it might steal your cryptocurrency

    Date:
    Thu, 06 Feb 2025 20:49:00 +0000

    Description:
    SparkCat malware is targeting unsuspecting iOS and Android app stores.

    FULL STORY

    Crypto-stealing malware dubbed SparkCat has been discovered on iOS and
    Android app stores, and is embedded with a malicious SDK/framework for
    stealing recovery phrases for crypto wallets.

    A report from Kaspersky has identified malicious apps, some with upwards of 10,000 downloads, that scan the victims gallery to find keywords - if
    relevant images are found, they are then sent to a C2 server.

    This is the first time a stealer has been found in Apples App store, and this is significant because Apple reviews every entry to help provide a safe and trusted experience for users - so these malware-infected apps show that the review process is not as robust as it should be.

    Although aimed at stealing cryptocurrency wallet recovery phrases, Kaspersky notes that the malware is flexible enough to steal other sensitive data from victims galleries - heres what we know. Multiple malicious apps

    The SparkCat malware campaign was first discovered in late 2024, and is suspected to have been active since March 2024.

    The first app Kaspersky identified was a Chinese food delivery app, ComeCome. The app had over 10,000 downloads and was based in Indonesia and the UAE. The app was embedded with malicious content, and contained OCR spyware which
    chose images from the infected devices to exfiltrate and send to the C2
    server.

    This wasnt the only infected app though, and researchers found that infected apps available in Google Play had been downloaded a combined total of over 242,000 times. In 2024, over 2 million risky Android apps were blocked from
    the Play Store , including some which tried to push malware and spyware - so although Google is improving its protections, clearly some still make it through.

    In the app store, some apps appeared to be legitimate, like the food delivery services, while others had apparently been built to lure victims. An example
    of this, researchers outlined, is a series of similar AI-featured messaging apps by the same developer, including AnyGPT and WeTink.

    Its not clear whether these infections are deliberate actions by developers,
    or are a result of supply chain attacks, but the report does note that the permissions that it requests may look like they are needed for its core functionality or appear harmless at first glance.

    What makes this Trojan particularly dangerous is that theres no indication of
    a malicious implant hidden within the app Kaspersky adds.

    Mitigating malware

    If you have one of the infected apps installed on your device, Kaspersky of course recommends removing it and steering clear until a fix is released -
    the list of infected apps can be found here .

    There is software that can help protect your device, like antivirus software
    - and as a key part of this malware in particular is the exfiltration of sensitive data through screenshots, the best advice is to avoid storing passwords, confidential documents, or sensitive information in your gallery.

    Instead, check out the best password managers to securely store your information, as these present a much safer and convenient option to keeping your passwords in your photos. Make sure you dont reuse passwords on multiple sites, and change your passwords regularly to avoid a breach.

    There are some tricks to avoid malware apps, and considering that dangerous malware apps have been found to have been installed millions of times , its always best to be safe.

    First of all, be wary of the warning signs. Go through the feedback and
    reviews - especially the negatives, as it's likely someone else will have already flagged a bug. Be very suspicious of an app which asks for your existing social media credentials - as this could be criminals looking to hijack your account.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/screen-reading-malware-found-in-ios-app -stores-for-first-time-and-it-might-steal-your-cryptocurrency

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)