SparkCat: Crypto-Stealing Malware Lurking in App Stores

2025-02-05

ESET researchers uncovered a cross-platform malware dubbed "SparkCat" hidden in apps on Google Play and the App Store, with the affected apps downloaded over 242,000 times. The malware embeds a malicious SDK that uses OCR to identify images of cryptocurrency wallet recovery phrases in users' photo galleries and sends them to a C2 server. The attackers used a custom C2 communication protocol written in Rust, which makes analysis more difficult. The malware aims to steal cryptocurrency and uses multiple techniques to evade security measures.