Source URL: https://it.slashdot.org/story/25/02/05/1826259/first-ocr-spyware-breaches-both-apple-and-google-app-stores-to-steal-crypto-wallet-phrases?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: First OCR Spyware Breaches Both Apple and Google App Stores To Steal Crypto Wallet Phrases
AI Summary and Description: Yes
**Summary:** Researchers from Kaspersky have identified new malware named “SparkCat” that exploits optical character recognition (OCR) technology to extract cryptocurrency wallet recovery phrases from users’ photo galleries on both Android and iOS platforms. This malware represents a significant security threat as it has infiltrated mainstream app stores, demonstrating advanced evasion tactics and targeting sensitive user information.
**Detailed Description:** The SparkCat malware poses substantial risks in the areas of information security and mobile application safety, particularly concerning cryptocurrency users. Its emergence highlights critical vulnerabilities in app store vetting processes and user privacy protections.
– **Malware Functionality:**
  – Utilizes OCR to scan images in users’ photo galleries specifically for cryptocurrency wallet recovery phrases.
  – Masquerades as a benign analytics SDK called “Spark,” making it harder for users and app reviewers to discern its malicious intent.
– **Distribution Channels:**
  – Found within messaging and food delivery apps on both Google Play and the Apple App Store.
  – Accumulated over 242,000 downloads in the infected Google Play apps, indicating wide distribution.
– **Operational Techniques:**
  – Asks for gallery access under the pretext of enhancing messaging experiences by allowing image attachments.
  – Once access is granted, it systematically searches for keywords relating to cryptocurrency wallets and transmits identified images to external servers controlled by the attackers.
– **Cross-Platform Presence:**
  – Exists on both Android and iOS platforms with similar operational approaches, marking it as a severe cross-platform threat in mobile security.
– **Evasion of Apple’s Security Measures:**
  – The success of the iOS version in bypassing Apple’s rigorous app review process raises questions about the effectiveness of current security protocols in major app ecosystems.
– **Attribution of Threat Actors:**
  – Evidence suggests the potential involvement of Chinese-speaking threat actors based on code comments and server messages, although conclusive links have not been established.
This incident represents an alarming trend in malware development, particularly as attackers increasingly leverage advanced methods to target sensitive information in widely used applications. Security and compliance professionals must prioritize monitoring for similar threats and enhancing app review procedures to safeguard user data from such sophisticated attacks.