Mobile malware attack used Store apps and OCR to steal cryptocurrency recovery codes

Malicious applications uploaded to Google’s Play Store or Apple’s App Store remain a problem for users worldwide. Google said it blocked more than 2.3 million risky Android apps in 2024 alone.

Kaspersky researchers recently revealed a malware campaign. The goal of SparkCat, as Kaspersky named it, was to obtain cryptocurrency recovery codes.

Description:

  • The threat actor managed to upload apps to Google Play and the App Store.
  • Apps were also distributed through unofficial channels.
  • The apps were embedded with a malicious SDK.
  • SparkCat has been active since at least April 2024.

Kaspersky says the infected apps on Google Play were downloaded more than 240,000 times by users. After launch, the malware installs an OCR plugin to scan images on the infected device for recovery codes.

Good to know: A cryptocurrency recovery code can be used to gain access to a wallet. Discovered codes were sent to a remote server for processing.

Kaspersky mentions some application names and how they were advertised on Google Play. The app ComeCome - Chinese Food Delivery showed professional-looking screenshots of the application. It was downloaded more than 10,000 times according to Kaspersky and was popular in Indonesia and the United Arab Emirates.

Another app mentioned by Kaspersky had more than 50,000 downloads on Google Play. The number of downloads from unofficial sources is unknown.

Kaspersky reached the following conclusions after analyzing the malware:

  • It was mostly designed to target Android and iPhone users in Europe and Asia.
  • Some applications work in many countries.
  • Some apps supported signing up with a phone number.

The malware uses the Rust programming language, which is not widely used in mobile apps.

Conclusion

Google and Apple use automated security systems to scan apps during upload and also while they are published on the app store. These protections catch the vast majority of malware, but they are not perfect.

This means that malicious apps will remain a problem for users, even if they limit their downloads to official stores. This incident highlights that Apple’s defenses are also not impenetrable.

We have mentioned such attacks many times in the past. Ashwin mentioned malicious Play Store apps in 2022, and I wrote about malware that infected 1.5 million Android devices in 2023. There are many such stories.

Mobile users should not be careless about the apps they download or install, but sometimes it is almost impossible to determine whether an app is legitimate without code analysis or careful monitoring.

It is a good idea to store important documents and information in secure apps. Many password managers support storing such information, which is then encrypted using algorithms similar to those used for passwords.

What is your take? Do you download and install apps regularly? Do you use a particular form of protection for important data? Let us know in the comment section below.

Thanks for reading.



Source: Ghacks
