Date: 2025-02-05

A troubling new malware campaign has emerged that targets mobile users, capturing data from screenshots to steal from their crypto wallets.

The new SparkCat malware, discovered by the cyber security company Kaspersky, has been found within apps on both the Google Play store and the Apple App Store.

The malware uses optical character recognition (OCR) to harvest the details, scanning users’ image galleries for the recovery keys associated with cryptocurrency accounts.

While this method has been known to be used by scammers on Android, the firm notes it’s the first time such an attack has penetrated Apple’s ecosystem. The iOS-based malicious code was based on similar tech that powered the Android tool.

“We found Android and iOS apps, some available in Google Play and the App Store, which were embedded with a malicious SDK/framework for stealing recovery phrases for crypto wallets,” Kaspersky wrote in a blog post revealing its findings.

“The infected apps in Google Play had been downloaded more than 242,000 times. This was the first time a stealer had been found in Apple’s App Store.”

The crafty malware works by using the app to send a request to read photo galleries. If helpful account details are found, they are sent back to the attackers, who can exploit them to steal.

It’s currently not clear how the malware made it into affected apps and whether anyone has lost money via the scheme, but Kaspersky says one such app, a Chinese food and grocery delivery app called ComeCome, is still available to download.