Apple, Google remove 20 malware-infested apps from App Stores
Apple and Google pulled 20 apps from their respective app stores after security researchers discovered they contained data-stealing malware that had been active for nearly a year.
Kaspersky identified the malware, known as SparkCat, which has been operational since March 2024. Initially, researchers discovered the malicious framework within a food delivery app used in the UAE and Indonesia. Further investigation revealed that 19 other, unrelated apps were infected. These apps were downloaded more than 242,000 times from Google's Play Store.
The malware uses optical character recognition technology to scan text displayed on users' screens. Researchers discovered that it targeted image galleries on victims' devices, looking for keywords related to cryptocurrency wallet recovery phrases in multiple languages, including English, Chinese, Japanese, and Korean.
By capturing recovery phrases, attackers can gain complete control of victims' cryptocurrency wallets and steal their funds. The researchers also discovered that the malware could extract personal data from screenshots, such as messages and passwords.
Following Kaspersky's report, Apple removed the affected apps from the App Store last week, and Google followed suit shortly thereafter.
"All of the identified apps have been removed from Google Play, and their developers have been banned," Google spokesperson Ed Fernandez told TechCrunch.
Google also confirmed that Android users were protected from known versions of this malware by the built-in Google Play Protect security feature. Apple has not yet responded to requests for comment.
Rosemarie Gonzales, a Kaspersky spokesperson, warned that while the infected apps have been removed from official stores, telemetry data shows that the malware is still accessible through third-party websites and unofficial app stores.