Researchers at Kaspersky Lab have found a malicious software development kit (SDK) / framework embedded in several apps on the Apple App Store and Google Play Store. It is designed to steal cryptocurrency wallet recovery phrases by running optical character recognition (OCR) plugins over the images stored on the device.
According to Kaspersky, the infected apps were downloaded more than 242,000 times from Google Play; this is the first time such malware has been found in the Apple App Store. The researchers have named the malware “SparkCat” and say it has been active since March 2024.
“The Android malware module decrypted and launched an OCR plugin based on the Google ML Kit library, which it used to recognize text in images in the device gallery. Using keywords received from C2 (Command and Control comms channel used by hackers to remotely control a device), the Trojan sent images to the command server. The iOS malware module was similarly designed and also used the Google ML Kit library for OCR,” says the Kaspersky Lab report.
If you have installed one of the infected apps, Kaspersky’s researchers recommend uninstalling it and not using it “until a patch is released that removes the malicious functionality.” They also advise against keeping screenshots of sensitive information, such as “recovery phrases for access to cryptocurrency wallets”, in the device gallery, since the malware specifically targets images stored there.
“Passwords, confidential documents and other sensitive data can be stored in special applications”, the Kaspersky Lab researchers said. They also advise installing a “reliable security solution on all your devices”.
The researchers have also published the list of bundle IDs found encrypted in the body of the malicious iOS frameworks. It is as follows:
im.pop.app.iOS.Messenger
com.hkatv.ios
com.atvnewsonline.app
io.zorixchange
com.yykc.vpnjsq
com.llyy.au
com.star.har91vnlive
com.jhgj.jinhulalaab
com.qingwa.qingwa888lalaaa
com.blockchain.uttool
com.wukongwaimai.client
com.unicornsoft.unicornhttpsforios
staffs.mil.CoinPark
com.lc.btdj
com.baijia.waimai
com.ctc.jirepaidui
com.ai.gbet
app.nicegram
com.blockchain.ogiut
com.blockchain.98ut
com.dream.towncn
com.mjb.Hardwood.Test
com.galaxy666888.ios
njiujiu.vpntest
com.qqt.jykj
com.ai.sport
com.feidu.pay
app.ikun277.test
com.usdtone.usdtoneApp2
com.cgapp2.wallet0
com.bbydqb
com.yz.Byteswap.native
jiujiu.vpntest
com.wetink.chat
com.websea.exchange
com.customize.authenticator
im.token.app
com.mjb.WorldMiner.new
com.kh-super.ios.superapp
com.thedgptai.event
com.yz.Eternal.new
xyz.starohm.chat
com.crownplay.luckyaddress1
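A practical use of the list above is to compare it against the apps actually installed on a device. The following script is an added example and not code from Kaspersky or the article; it embeds the bundle IDs published above as indicators and parses a listing in the format printed by libimobiledevice’s `ideviceinstaller -l` (assumed here to be one app per line as `CFBundleIdentifier, "version", "display name"`). The sample listing is constructed for the example. Matching is done after case-folding so that a differently cased identifier is still caught; that is a conservative choice in the example, not a statement about how Apple compares bundle IDs.

```python
"""Check a device's installed-app list against the SparkCat iOS bundle IDs.

Added example, not part of the Kaspersky report or the article. The IoC set
below is the bundle-ID list published above; the input format is assumed to be
the one printed by `ideviceinstaller -l` (libimobiledevice):

    CFBundleIdentifier, "CFBundleShortVersionString", "CFBundleDisplayName"
"""
import re

# Bundle IDs Kaspersky found encrypted in the malicious iOS frameworks (from the
# article above). Stored case-folded so comparisons are case-insensitive.
SPARKCAT_IOS_BUNDLE_IDS = frozenset(s.casefold() for s in """
im.pop.app.iOS.Messenger com.hkatv.ios com.atvnewsonline.app io.zorixchange
com.yykc.vpnjsq com.llyy.au com.star.har91vnlive com.jhgj.jinhulalaab
com.qingwa.qingwa888lalaaa com.blockchain.uttool com.wukongwaimai.client
com.unicornsoft.unicornhttpsforios staffs.mil.CoinPark com.lc.btdj
com.baijia.waimai com.ctc.jirepaidui com.ai.gbet app.nicegram
com.blockchain.ogiut com.blockchain.98ut com.dream.towncn com.mjb.Hardwood.Test
com.galaxy666888.ios njiujiu.vpntest com.qqt.jykj com.ai.sport com.feidu.pay
app.ikun277.test com.usdtone.usdtoneApp2 com.cgapp2.wallet0 com.bbydqb
com.yz.Byteswap.native jiujiu.vpntest com.wetink.chat com.websea.exchange
com.customize.authenticator im.token.app com.mjb.WorldMiner.new
com.kh-super.ios.superapp com.thedgptai.event com.yz.Eternal.new
xyz.starohm.chat com.crownplay.luckyaddress1
""".split())

# One `ideviceinstaller -l` line: identifier, quoted version, quoted name.
# Bundle IDs may contain letters, digits, dots and hyphens (e.g. com.kh-super...).
LINE_RE = re.compile(r'^\s*([A-Za-z0-9.\-]+)\s*,\s*"([^"]*)"\s*,\s*"([^"]*)"\s*$')


def parse_installed_apps(listing: str) -> list[tuple[str, str, str]]:
    """Return (bundle_id, version, display_name) for every app line.

    Lines that do not match the expected shape (headers, blanks) are skipped
    rather than raising, so a slightly different tool version does not abort
    the whole check.
    """
    apps = []
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if m:
            apps.append((m.group(1), m.group(2), m.group(3)))
    return apps


def find_sparkcat_apps(listing: str) -> list[tuple[str, str, str]]:
    """Return the installed apps whose bundle ID is in the SparkCat IoC set."""
    return [app for app in parse_installed_apps(listing)
            if app[0].casefold() in SPARKCAT_IOS_BUNDLE_IDS]


# Constructed sample listing (not real device output); one ID is upper-cased
# to exercise the case-insensitive match.
SAMPLE_LISTING = """\
Total: 4 apps
com.apple.mobilesafari, "605.1", "Safari"
com.wetink.chat, "1.3.2", "WeTink"
COM.Websea.Exchange, "2.0.0", "Websea"
org.example.notes, "1.0", "Notes"
"""

if __name__ == "__main__":
    hits = find_sparkcat_apps(SAMPLE_LISTING)
    if not hits:
        print("No SparkCat bundle IDs found.")
    for bundle_id, version, name in hits:
        print(f"MATCH: {name!r} ({bundle_id} {version}) is on the SparkCat IoC list")
```

To run it against a real device, pipe `ideviceinstaller -l` into a file and pass its contents to `find_sparkcat_apps`. A match only tells you the bundle ID is on Kaspersky’s list; follow the removal advice above rather than relying on the app’s own update.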