Malware that Bypassed the App Store Targets Photo Galleries and Cryptocurrency Assets [IT Item of the Day]
- Published: 2026-04-28 06:00:00
- Updated: 2026-04-28 06:00:00

[The Financial News] Malware that searches smartphone photo galleries to steal cryptocurrency wallet recovery phrases has resurfaced after slipping through official app stores. The threat has raised concerns that seemingly ordinary messenger and delivery apps could secretly scan photo data and expose cryptocurrency assets without users noticing.
On the 28th, Kaspersky's Threat Research Team said it had discovered a new variant of the SparkCat malware in the App Store and the Google Play Store. The malware disguises itself as a legitimate app, infiltrates a user's device, and then scans the photo gallery to find and steal cryptocurrency wallet recovery phrases, or mnemonics. It is the first time mobile malware targeting cryptocurrency has been found in official app stores, and it comes a year after the threat was removed from both platforms.
SparkCat was distributed under the guise of enterprise messenger and food delivery apps. Kaspersky said it identified two infected apps in the App Store and one in the Google Play Store, and that all of the malware has now been removed.
The Android version of SparkCat searches screenshots in smartphone galleries for specific keywords in Korean, Japanese, and Chinese. It mainly targets cryptocurrency assets held by users in Asia. In contrast, the iOS version looks for English-based phrases, allowing broader attacks that are not limited to a specific region.
SparkCat uses an optical character recognition module to analyze text in photos. If it finds information suspected to be a cryptocurrency wallet recovery phrase, it sends the image to the attacker. In other words, users can suffer financial losses based solely on information stored in photos, even if they never enter it themselves.
Its security evasion techniques have also become more sophisticated. Analysts said the malware uses advanced methods rarely seen in mobile threats, including a multilayer obfuscation structure, code virtualization, and a cross-platform programming language. The goal, they added, appears to be bypassing app store review processes.
Lee Hyo-eun, head of Kaspersky South Korea, said, "South Korea has become a major target for evolving mobile threats because of its high smartphone penetration and active use of cryptocurrency." She added, "Users should avoid storing sensitive information in plain sight and should adopt professional mobile security solutions."
Reporter Lee Hyo-eun (kaya@fnnews.com)