CP
cyberpings
Malware & RansomwareHIGH

SparkCat Variant - New Malware Steals Crypto Wallet Images

Featured image for SparkCat Variant - New Malware Steals Crypto Wallet Images
THThe Hacker News
Summary by CyberPings EditorialΒ·AI-assistedΒ·Reviewed by Rohit Rana
Ingested:
🎯

Basically, a new malware steals pictures of your crypto wallet passwords from apps on your phone.

Quick Summary

A new SparkCat malware variant has been found in iOS and Android apps, targeting crypto wallet recovery phrases. This poses a significant risk to users. Stay vigilant and protect your data!

What Happened

Cybersecurity researchers have uncovered a new variant of the SparkCat malware lurking in the Apple App Store and Google Play Store. This discovery comes more than a year after the original SparkCat trojan was identified. The malware cleverly disguises itself within seemingly harmless applications, such as enterprise messengers and food delivery services. Once installed, it silently scans users' photo galleries for images containing cryptocurrency wallet recovery phrases.

Who's Affected

The targeted users are primarily cryptocurrency holders in Asia. Kaspersky, a leading Russian cybersecurity firm, has reported finding two infected apps on the App Store and one on the Google Play Store. The iOS variant of SparkCat is particularly concerning because it scans for wallet mnemonic phrases in English, potentially affecting a broader audience regardless of their geographical location.

How It Works

The new SparkCat variant employs advanced techniques to avoid detection. The Android version includes multiple layers of obfuscation, utilizing code virtualization and cross-platform programming languages. This makes it challenging for security analysts to dissect its operations. The malware scans for keywords in Japanese, Korean, and Chinese, reinforcing its focus on Asian markets.

Once it identifies relevant images using an optical character recognition (OCR) model, it exfiltrates these images to an attacker-controlled server. This capability allows the malware to effectively harvest sensitive information from unsuspecting users.

Signs of Infection

Users might not notice anything unusual at first. However, if you have recently installed apps from unofficial sources or noticed unusual behavior in your apps, it could be a sign of infection. Look for apps that request unnecessary permissions, especially access to your photo gallery.

How to Protect Yourself

To safeguard against SparkCat and similar threats:

  • Install reputable security software on your devices.
  • Avoid downloading apps from unofficial sources or those with poor reviews.
  • Regularly check app permissions and revoke access to photos for apps that don't need it.
  • Stay informed about the latest cybersecurity threats and updates.

Kaspersky researchers emphasize the importance of using security solutions for smartphones to protect against a wide range of cyber threats. As malware like SparkCat evolves, so must our defenses.

πŸ”’ Pro insight: The evolving techniques of SparkCat highlight the need for robust mobile security solutions to combat sophisticated malware threats.

Original article from

THThe Hacker News
Read Full Article

Share

Related Pings

HIGHMalware & Ransomware

Malicious Email Delivers CMD Malware - Privilege Escalation Alert

A malicious email has delivered a .cmd malware file that escalates privileges and bypasses antivirus systems. Users are at risk of significant system compromise. Awareness and immediate action are vital to mitigate this threat.

Security AffairsΒ·
HIGHMalware & Ransomware

Axios NPM Package Compromised - Supply Chain Attack Exposed

A major supply chain attack compromised the Axios NPM package, affecting millions of users. Malicious versions deployed a RAT, posing serious security risks. Swift action was taken to remove the threats.

Trend Micro ResearchΒ·
HIGHMalware & Ransomware

Brokk Hacked - Play Ransomware Exposes Sensitive Data

Brokk has reportedly been hacked by Play ransomware, leading to the leak of sensitive corporate data. This incident could severely impact the company's reputation and security. Organizations must bolster their defenses to prevent similar breaches.

SC MediaΒ·
HIGHMalware & Ransomware

Chaos Malware - New Targeting of 64-bit Linux Servers

Chaos malware has evolved to target 64-bit Linux servers, expanding its attack surface. This shift raises alarms for organizations relying on these systems. Enhanced security measures are now crucial to protect against potential larger-scale attacks.

SC MediaΒ·
HIGHMalware & Ransomware

Phorpiex Botnet - Spreading Ransomware and Sextortion Tactics

The notorious Phorpiex botnet is back, spreading ransomware and sextortion schemes. Millions are at risk as it targets users globally. Stay alert and protect your devices from this evolving threat.

Cyber Security NewsΒ·
HIGHMalware & Ransomware

Boeing RFQ Malware Campaign - Hackers Deploy Six-Stage Attack

A new malware campaign is targeting industrial suppliers with fake Boeing RFQ emails. This sophisticated attack uses multiple file types to evade detection. Organizations need to be aware and take action to protect themselves.

Cyber Security NewsΒ·