Tech News

If you use cryptocurrency apps, there’s a new threat you should be aware of. A sneaky piece of malware called SparkCat has been making its way through Google Play and the App Store since at least March 2024, the latest cybersecurity report suggested. It’s different from regular malware because it uses machine learning to scan your photos for sensitive information—like the recovery phrases for your cryptocurrency wallets.

How SparkCat work? Once installed, SparkCat asks for permission to access your photo gallery. That might not seem suspicious at first as many apps do the same. But this Trojan has a hidden trick. It scans your stored images using optical character recognition (OCR) to look for text, especially anything related to crypto wallets and passwords. If it finds something valuable, it sends the image straight to hackers, who can then access your funds.

Beyond crypto, SparkCat can also steal other sensitive information from screenshots, such as passwords or private messages. That means even if you’re not into cryptocurrency, you could still be at risk.

The malware is hiding in both legitimate and fake apps, including messengers, AI assistants, food delivery services, and crypto-related applications. Some of these apps are available directly from Google Play and the App Store, while others are being distributed through third-party sources.

According to cybersecurity firm Kaspersky, infected apps have been downloaded over 242,000 times from Google Play. One example is a food delivery app called ComeCome for iOS, which had both iOS and Android versions infected. A fake messenger app in the App Store was also caught carrying the Trojan.

So far, SparkCat seems to be focusing on users in the UAE, Europe, and Asia. This is because it can scan text in English, Chinese, Japanese, Korean, French, Italian, Czech, Polish, and Portuguese. But realistically, users from anywhere could be affected.

SparkCat is particularly tricky because it spreads through official app stores, making it seem trustworthy. It also asks for permissions that don’t seem out of place—like access to your gallery—which makes it easy for users to approve without a second thought. For example, an infected app might ask for gallery access when you’re trying to contact customer support, which seems reasonable at the time.

If you think you’ve downloaded an infected app, delete it immediately and wait for a clean update before using it again. Here are some simple ways to protect yourself: