SparkCat malware returns to target Android and iOS users, hiding in innocent apps to try and steal your details
- SparkCat infostealer hidden in iOS App Store and Play Store apps
- Targets cryptocurrency seed phrases via OCR and keywords
- New obfuscation techniques make detection more difficult
SparkCat, a mobile-first infostealer that targets people’s cryptocurrencies, is back with new upgrades that make it more difficult to spot.
Cybersecurity researchers Kaspersky claim to have found multiple apps both in the Apple App Store and the Google Play Store delivering the malware.
Apple and Google app repositories are generally safe, and knowing the size and the popularity of the platforms, both companies go the extra mile to make sure the apps offered there are clean. However, every once in a while, threat actors manage to work around the perimeter to smuggle malicious apps inside.
Article continues below
Hunting for mnemonics
In this case, Kaspersky said it discovered enterprise messengers and food delivery services apps hiding SparkCat.
This infostealer was first spotted in 2025, hunting for people’s mnemonic seeds, or “seed phrases” – a set of 12 or 24 seemingly random words which can be used to load a person’s cryptocurrency wallet on another device as a backup solution in case the device is lost or broken.
SparkCat recently made headlines for the way it used OCR (Optical Character Recognition) to extract seed phrases from photos and screenshots. It targeted primarily Asian users and, while the new version still does the same, it has taken a step further to potentially target Western users, as well.
The Android version still hunts for Japanese, Korean, and Chinese keywords. The iOS version, however, hunts for English mnemonics.
Kaspersky also says that some changes were made under the hood as well, with the developers adding code virtualization and cross-platform languages for better obfuscation. These techniques, they claim, are rarely seen in mobile malware.
The researchers said they reported their findings to both Google and Apple, and that “some” of the malicious apps were already removed.
Via The Hacker News
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
SparkCat infostealer hidden in iOS App Store and Play Store apps Targets cryptocurrency seed phrases via OCR and keywords New obfuscation techniques make detection more difficult SparkCat, a mobile-first infostealer that targets people’s cryptocurrencies, is back with new upgrades that make it more difficult to spot. Cybersecurity researchers Kaspersky claim…
