Kaspersky researchers have discovered a dozen infected applications on the App Store and Play Store. These Android and iOS apps are designed to steal cryptocurrency from smartphone users. To do this, they capture the credentials that give access to investors' wallets on the blockchain.
Intercepted recovery phrases
In the code of the applications, Kaspersky has discovered a malware development kit called SparkCat. This kit is programmed to get its hands on the "recovery phrases" of users' wallets. This is a series of random words that can restore access to a crypto wallet in the event of loss of the device or credentials. It is generated when a wallet is created on the blockchain.
With this recovery phrase, cybercriminals will be able to access the users' wallet. Once in the wallet, they will be free to transfer digital assets to other addresses. Although it is possible to track the funds, victims may have to say goodbye to their assets.
A virus that searches your images
In detail, the kit is equipped with an OCR (Optical Character Recognition) module that analyzes images stored on a device and extracts text from them. The module searches through the images stored on the smartphone looking for a recovery phrase.
This is why you should never take screenshots of your recovery phrase or your private keys. According to Kaspersky, the SparkCat kit "loads different OCR models depending on the system language to distinguish Latin, Korean, Chinese and Japanese characters in images."
A first on the App Store
The malware was first identified in a total of 18 apps, including ten iOS apps and eight Android apps. On the Play Store, the infected apps have been downloaded more than 242,000 times.
This is obviously far from the first time that fraudulent Android apps have put users' cryptocurrencies at risk. On the other hand, this is "the first known case of a thief being discovered in the App Store." It is also the "first known case of OCR spying in the Apple Store," the Russian company emphasizes.
Kaspersky has warned Apple and Google about the presence of the infected apps in their official stores. Despite this, some of the apps were still available on the platforms at the time of writing, although Kaspersky found that some had already been removed from the Apple App Store.
Apple cleans house: 89 apps banned from the App Store
Shortly after, Apple cleaned house in the iOS app store by removing all infected apps. A total of eleven apps were initially banned from the App Store. In the process, Apple found 89 other iOS apps with the same malicious code. They have also been deleted. The developers’ accounts have been revoked.
Kaspersky believes that the malware may have been added as part of a supply chain attack. There is no evidence that the developers were aware of the presence of a virus in their apps’ code. Everything suggests that the instigators of the campaign come from China.
We advise you to adopt good habits when it comes to storing crypto assets. For example, opt for a physical cold storage wallet, which will protect you against cyber attacks.
Source: Kaspersky