<div id="readability-page-1" class="page"><div>Kaspersky has identified a new variant of the SparkCat Trojan in the App Store and Google Play—a year after the crypto-stealing malware was first discovered and removed from both platforms. The Trojan hides inside legitimate-looking apps and scans users' photo galleries for cryptocurrency wallet recovery phrases.The new version of SparkCat is distributed through infected legitimate apps—a messenger designed for enterprise communication and a food delivery app. Kaspersky experts found two infected apps on the App Store and one on Google Play, from which the malicious code has since been removed. Kaspersky telemetry shows that the apps infected with SparkCat are also distributed through third-party sources. A few of these web pages are mimicking the App Store if opened from an iPhone.The updated variant of the Trojan for Android scans image galleries on the compromised devices for screenshots containing specific keywords in Japanese, Korean, and Chinese, leading Kaspersky experts to assess that this campaign primarily targets cryptocurrency assets of users in Asia. The iOS variant, however, takes a different approach as it scans for cryptocurrency wallet mnemonic phrases, which are in English. This makes the iOS variant potentially broader in reach, as it can affect users regardless of their region. The updated SparkCat version for Android features multiple obfuscation layers compared to previous versions, including code virtualization and cross-platform programming language usage — techniques that are rare for mobile malware.Kaspersky has reported known malicious applications to Google and Apple.“The updated variant of SparkCat requests access to view photos in a user’s smartphone gallery in certain scenarios—just like the very first version of the Trojan. It analyzes the text in stored images using an optical character recognition module. If the stealer finds relevant keywords, it sends the image to the attackers. Considering the similarities of the current sample and the previous one, we believe that the developers of the new version of malware are the same. This campaign again underscores the importance of using security solutions for smartphones to stay protect against a broad range of cyberthreats,” said Sergey Puzan, cybersecurity expert at Kaspersky. “The SparkCat malware is an evolving mobile threat. Threat actors behind it constantly raise the complexity of the anti-analysis techniques, allowing it to bypass the review process of the official app stores. Moreover, methods used by the SparkCat developers, such as code virtualization and cross-platform programming language usage, are rare for mobile malware. This demonstrates the high skill of the threat actors,” added Dmitry Kalinin, cybersecurity expert at Kaspersky.To avoid becoming a victim of this malware, Kaspersky recommends the following safety measures:<ul><li>Use reliable cybersecurity software, like Kaspersky for Mobile — it can protect your data on smartphones from cyberattacks. Kaspersky for Android will prevent installation of the malware, while Kaspersky for iOS, due to the architectural characteristics of Apple’s OS, prevents an attempt to connect to the attackers’ command server and displays a warning to users. </li><li>Avoid storing screenshots containing sensitive information in your gallery, especially cryptocurrency wallet seed phrases. Such sensitive information as well as screenshots of important documents should be stored in specialized applications such as Kaspersky Password Manager.</li><li>Be careful even downloading apps from official stores, as it is not always risk-free.</li></ul>About KasperskyKaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure and governments around the globe. The company’s comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and nearly 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.Send us your press releases to pressrelease.zawya@lseg.comDisclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.</div></div>

ABTC

CLSK

Kaspersky has discovered a new variant of the SparkCat Trojan that bypasses security on the App Store and Google Play. This malware, hidden in legitimate apps, targets cryptocurrency wallet recovery phrases and is primarily aimed at users in Asia. The updated version features advanced obfuscation techniques, making it harder to detect. Kaspersky recommends using reliable cybersecurity software and avoiding storing sensitive information in photo galleries. The company emphasizes the importance of security solutions to protect against evolving cyber threats.

- Kaspersky has detected a new variant of the SparkCat Trojan on the App Store and Google Play, targeting cryptocurrency assets primarily in Asia.  
- The Trojan disguises itself in legitimate apps and scans users' photo galleries for recovery phrases, employing advanced obfuscation techniques to evade detection.  
- Kaspersky advises users to use reliable cybersecurity software and store sensitive information in secure applications to mitigate risks associated with this evolving mobile threat.

Zawya

American Bitcoin

CleanSpark

Hut 8 Mining

Grayscale Bitcoin Mini Trust ETF

Grayscale Bitcoin Trust BTC - ETF

SecuAvail, Inc.

Bakkt

Bitdeer Tech

Grayscale Ethereum Staking ETF

Cyber Security Cloud, Inc.

Grayscale Litecoin Trust (LTC)

Kratos Defense & Security

Riot Platforms

Galaxy Digital

Solana

Coinbase

Bitfarms Canada

Franklin Bitcoin ETF

Invesco Galaxy Bitcoin ETF

WisdomTree Bitcoin Fund

CoinShares Bitcoin ETF

Bitwise Solana Staking ETF

ProShares Bitcoin Strategy ETF

VanEck Bitcoin ETF

Fidelity Wise Origin Bitcoin Fund - ETF

Bitwise Bitcoin ETF

Grayscale Bitcoin Adopters ETF

Grayscale Ethereum Mini Staking ETF

Amplify Transform Data Sharing ETF

Grayscale Solana Staking ETF

iShares Bitcoin Trust ETF

ARK 21Shares Bitcoin ETF

ZAWYA: Kaspersky discovers new SparkCat variant bypassing App Store and Google Play security