Apps Hide a Stealthy Crypto‑Theft Tool
Asia | Fri Apr 03 2026
New studies show that a recent version of the SparkCat malware has slipped into apps on both iOS and Android stores. The program masquerades as everyday utilities—messaging tools, food delivery apps—and quietly scans users’ photo libraries for images that contain cryptocurrency wallet recovery phrases. Researchers found two infected titles on Apple’s App Store and one on Google Play, all aimed mainly at crypto users in Asia.
The iOS strain differs from earlier releases: it looks for English mnemonic phrases, meaning it can target anyone who stores a phrase in an image. This broadens the danger beyond just local markets. The Android iteration adds extra layers of code obfuscation, using virtualization and cross‑platform languages to dodge analysis. It also searches for Japanese, Korean, and Chinese keywords, pointing to a clear focus on Asian markets.
The malware’s core trick is optical‑character‑recognition (OCR). Once OCR finds a recovery phrase in an image, that image is sent to an attacker’s server. This method was first noted by security researchers in early 2025, and the latest tweaks show the threat is still evolving. Analysts suspect a Chinese‑speaking operator is behind the campaign, based on language clues and code similarities.
Users who grant photo‑gallery access to any app can unknowingly feed this malware. Security experts advise installing trusted security tools on phones and staying cautious about app permissions, especially when downloading free utilities that request broad access.
This new variant reminds us that even legitimate‑looking apps can hide dangerous code, and vigilance is key to protecting digital wallets.