{"id":11437,"date":"2025-02-05T10:16:56","date_gmt":"2025-02-05T10:16:56","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=11437"},"modified":"2025-02-05T10:16:56","modified_gmt":"2025-02-05T10:16:56","slug":"malicious-sdks-on-google-play-and-app-store-steal-crypto-seed-phrases-kaspersky","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=11437","title":{"rendered":"Malicious SDKs On Google Play And App Store Steal Crypto Seed Phrases: Kaspersky"},"content":{"rendered":"
\n

Cybersecurity firm Kaspersky Labs has uncovered a sophisticated malware campaign targeting cryptocurrency users through malicious software development kits (SDKs) embedded in mobile apps on Google Play and the Apple App Store. <\/span><\/p>\n

These compromised apps use an optical character recognition (OCR) tool to scan users\u2019 photos for crypto wallet recovery phrases, allowing hackers to drain funds from affected wallets.<\/span><\/p>\n

In a 4\u00a0<\/span>February 2025 report<\/span><\/a>, Kaspersky analysts Sergey Puzan and Dmitry Kalinin detailed how the malware, known as SparkCat, infiltrates devices and searches for images containing recovery phrases using keyword detection across multiple languages. <\/span><\/p>\n

EXPLORE:\u00a0<\/span>10 Coins with High Returns: Crypto Forecast 2025<\/span><\/a><\/strong><\/p>\n

Seed Phrases Allow Attackers to Access Crypto Wallets<\/span><\/h2>\n

Once extracted, these phrases grant attackers complete access to victims\u2019 crypto wallets. \u201cThe intruders steal recovery phrases for crypto wallets, which are enough to gain full control over the victim\u2019s wallet for further theft of funds,\u201d the researchers wrote. <\/span><\/p>\n

They also warned that the malware\u2019s flexibility enables it to steal other sensitive data, such as passwords and private messages captured in screenshots.<\/span><\/p>\n

On Android,<\/span> the malware disguises itself as a Java-based analytics module called Spark and receives operational updates via an encrypted configuration file stored on GitLab.<\/span> It employs Google\u2019s ML Kit OCR to extract text from images stored on infected devices. <\/span><\/p>\n

If a recovery phrase is detected, the malware transmits it to attackers, who can <\/span>then<\/span> import the victim\u2019s crypto wallet onto their own devices without needing a password.<\/span><\/p>\n

Kaspersky estimates that SparkCat has been downloaded approximately 242,000 times since its emergence in March 2023, primarily targeting users in Europe and Asia.<\/span><\/p>\n

\n

Since mid-2024, we\u2019ve been tracking a sophisticated Android malware campaign that exploits wedding invitations to deceive users into installing a malicious APK\u2014Tria Stealer.<\/p>\n

Once installed, this malware intercepts SMS messages, tracks call logs, and steals data from Gmail and\u2026 pic.twitter.com\/TQbQjHvmjm<\/a><\/p>\n

\u2014 Kaspersky (@kaspersky) February 3, 2025<\/a><\/p>\n<\/blockquote>\n