
A sophisticated malware campaign named SparkCat has been discovered targeting cryptocurrency wallet users through fraudulent applications on both Apple App Store and Google Play Store. The malware employs advanced optical character recognition (OCR) technology to steal cryptocurrency wallet recovery phrases from users’ photo libraries.
Key Findings:
– Over 242,000 downloads reported from Google Play Store
– Campaign active since March 2024
– Targets primarily users in Europe and Asia
– Uses Google’s ML Kit library for OCR functionality
– Implements rare Rust-based C2 communication
The malicious apps pose as legitimate AI, food delivery, and Web3 applications, which makes detection harder because they often deliver the functionality they advertise. The malware's design includes a Java component called Spark that disguises itself as an analytics module.
In a parallel development, researchers identified another mobile malware campaign, FatBoyPanel, targeting Indian Android users through WhatsApp. This campaign has:
– Affected approximately 50,000 users
– Collected 2.5GB of sensitive data
– Targeted multiple Indian states
– Used over 1,000 fake banking and government apps
– Employed hard-coded phone numbers for data exfiltration
The rise in mobile malware coincides with an increase in macOS malware, with 24 new families discovered in 2024, highlighting the growing sophistication of cyber threats across multiple platforms.
Users are advised to verify applications carefully before installation, even when they come from official app stores, and to remain vigilant against potential security threats.