Kaspersky researchers find screenshot-reading malware in the App Store and Google Play

Kaspersky researchers have identified malware distributed inside applications in both the Android and iOS app stores. Dmitry Kalinin and Sergey Puzan shared their investigation into a malware campaign they called SparkCat, which has likely been active since March 2024.

“We cannot emphasize with certainty whether the infection is the result of a supply chain attack or deliberate procedures by developers,” the pair wrote. “Some applications, such as food delivery services, seem legitimate, while others seem to have been built to attract victims.” They said SparkCat operates surreptitiously, requesting permissions that seem normal or harmless.

On February 6, Kaspersky updated its report to note that the affected applications had been removed from the App Store. Apple confirmed that it removed 11 applications, adding that 89 related apps had previously been rejected or removed from the store.

The malware uses optical character recognition (OCR) to scan the device's photo library, searching for screenshots of recovery phrases for cryptocurrency wallets. Based on the researchers' evaluation, the affected Google Play applications were downloaded more than 242,000 times. “This is the first known case of the application of OCR spyware in Apple's official application market,” says Kaspersky.

Apple often touts the App Store's strict security, and although malware incidents there have been rare, this discovery is a reminder that the walled garden is not immune to attacks.

Update, 6 February, 2025, 5:15 PM ET: Revised to include the update from Kaspersky's report on the applications removed from the App Store, as well as additional context from Apple.
