Apple and Google removed as many as twenty apps from their app stores after security researchers discovered that the apps had been carrying data-stealing malware for nearly a year.
According to Kaspersky’s security analysts, the malware, known as SparkCat, has been in circulation since March 2024. The researchers first found the malicious code in a food delivery app in Indonesia and the UAE, and later found it in nineteen other, unrelated apps that had a combined total of over 242,000 downloads from the Google Play Store.
The researchers found that the malware used optical character recognition (OCR), code designed to capture text visible on the user’s display, to search the image galleries on victims’ devices for keywords and find recovery phrases for cryptocurrency wallets in multiple languages, including English, Chinese, Japanese, and Korean.
The researchers said that attackers could take funds from victims’ wallets if the malware managed to capture their recovery phrases.
According to the researchers, the malware could also make it possible to steal sensitive information, such as passwords and messages, from screenshots.
After the researchers reported the affected apps, Apple and Google removed them from their app stores last week.
“All of the identified apps have been removed from Google Play and the developers have been banned,” Google spokesperson Ed Fernandez told Techjuice.
The built-in Google Play Protect security mechanism protected Android users from known versions of this malware, according to a Google spokesperson.
Apple did not respond to a request for comment.
According to Rosemarie Gonzales, a spokesperson for Kaspersky, the reported apps have been removed from official app stores. However, telemetry data suggests that the malware may still be available on other websites and unofficial app stores.