Kaspersky Reveals Chinese Malware Apps Targeting Crypto Recovery Phrases

Kaspersky just revealed a giant malware operation dubbed SparkCat. The malware was placed on innocuous-seeming apps and searched users’ phones for crypto recovery phrases.

These apps could have successfully infected up to 242,000 people, but it’s not clear how much money SparkCat actually stole.

Kaspersky Reveals SparkCat

Kaspersky, one of the leading security firms, just identified a new data-stealing malware scheme called ‘SparkCat.’ The company has identified several similar malware attacks and security weaknesses over the last few years, building up a strong reputation.

Today, the firm found a new trojan targetting crypto users.

“Our experts have discovered a new data-stealing Trojan, SparkCat, active in the App Store and Google Play since at least March 2024. SparkCat leverages machine learning to scan image galleries, stealing cryptocurrency wallet recovery phrases, passwords, and other sensitive data hidden in screenshots,” the firm claimed.

According to Kaspersky, apps infested with the SparkCat malware were downloaded 242,000 times. These scammers used several fronts to attract new victims, hiding the malware in food delivery apps, AI chat clients, and other seemingly harmless programs.

These apps would access a user’s photo gallery, attempting to find their crypto wallet recovery phrases.

Kaspersky didn’t indicate how much money or crypto was stolen through SparkCat, but it was a highly sophisticated operation. It primarily targeted users in Europe and Asia, and the source code’s language led Kaspersky to conclude the perpetrators were Chinese.

The infected programs have subsequently been removed from app stores.

This incident is particularly noteworthy as crypto-related malware attacks were reportedly on the decline. Social media scams, particularly those involving meme coins, have netted huge returns using bold and well-constructed tactics.

However, Kaspersky’s research suggests that SparkCat ran a profoundly different operation.

As of now, it’s difficult to determine if SparkCat will be part of a new trend, as its efficiency is still being investigated. It managed to bypass an impressive amount of security and oversight protocols, but it nonetheless had a very indirect way of getting a payout.

The most insidious scams today use fake projects to prey upon investors’ greed. They don’t need this secrecy.