TZUTC: -0500   
   MSGID: 75.consprcy@1:2320/105 2c0b67d6   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Screen reading malware found in iOS app stores for first time - and it might   
   steal your cryptocurrency   
      
   Date:   
   Thu, 06 Feb 2025 20:49:00 +0000   
      
   Description:   
   SparkCat malware is targeting unsuspecting iOS and Android app stores.   
      
   FULL STORY   
      
   Crypto-stealing malware dubbed SparkCat has been discovered on iOS and    
   Android app stores, and is embedded with a malicious SDK/framework for   
   stealing recovery phrases for crypto wallets.    
      
   A report from Kaspersky has identified malicious apps, some with upwards of   
   10,000 downloads, that scan the victims gallery to find keywords - if    
   relevant images are found, they are then sent to a C2 server.    
      
   This is the first time a stealer has been found in Apples App store, and this   
   is significant because Apple reviews every entry to help provide a safe and   
   trusted experience for users - so these malware-infected apps show that the   
   review process is not as robust as it should be.    
      
   Although aimed at stealing cryptocurrency wallet recovery phrases, Kaspersky   
   notes that the malware is flexible enough to steal other sensitive data from   
   victims galleries - heres what we know. Multiple malicious apps    
      
   The SparkCat malware campaign was first discovered in late 2024, and is   
   suspected to have been active since March 2024.    
      
   The first app Kaspersky identified was a Chinese food delivery app, ComeCome.   
   The app had over 10,000 downloads and was based in Indonesia and the UAE. The   
   app was embedded with malicious content, and contained OCR spyware which    
   chose images from the infected devices to exfiltrate and send to the C2   
   server.    
      
   This wasnt the only infected app though, and researchers found that infected   
   apps available in Google Play had been downloaded a combined total of over   
   242,000 times. In 2024, over 2 million risky Android apps were blocked from   
   the Play Store , including some which tried to push malware and spyware - so   
   although Google is improving its protections, clearly some still make it   
   through.    
      
   In the app store, some apps appeared to be legitimate, like the food delivery   
   services, while others had apparently been built to lure victims. An example   
   of this, researchers outlined, is a series of similar AI-featured messaging   
   apps by the same developer,  including AnyGPT and WeTink.    
      
   Its not clear whether these infections are deliberate actions by developers,   
   or are a result of supply chain attacks, but the report does note that the   
   permissions that it requests may look like they are needed for its core   
   functionality or appear harmless at first glance.    
      
   What makes this Trojan particularly dangerous is that theres no indication of   
   a malicious implant hidden within the app  Kaspersky adds.   
      
   Mitigating malware    
      
   If you have one of the infected apps installed on your device, Kaspersky of   
   course recommends removing it and steering clear until a fix is released -    
   the list of infected apps can be found here .    
      
   There is software that can help protect your device, like antivirus software    
   - and as a key part of this malware in particular is the exfiltration of   
   sensitive data through screenshots, the best advice is to avoid storing   
   passwords, confidential documents, or sensitive information in your gallery.    
      
   Instead, check out the best password managers to securely store your   
   information, as these present a much safer and convenient option to keeping   
   your passwords in your photos. Make sure you dont reuse passwords on multiple   
   sites, and change your passwords regularly to avoid a breach.    
      
   There are some tricks to avoid malware apps, and considering that dangerous   
   malware apps have been found to have been installed millions of times , its   
   always best to be safe.    
      
   First of all, be wary of the warning signs. Go through the feedback and   
   reviews - especially the negatives, as it's likely someone else will have   
   already flagged a bug. Be very suspicious of an app which asks for your   
   existing social media credentials - as this could be criminals looking to   
   hijack your account.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/screen-reading-malware-found-in-ios-app   
   -stores-for-first-time-and-it-might-steal-your-cryptocurrency   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426