Numerous fake artificial intelligence, Web3, and food delivery apps on Google's and Apple's app stores have been leveraged to deliver the SparkCat malware that compromises cryptocurrency wallets' mnemonic phrases as part of an attack campaign that has been underway since March, The Hacker News reports.
Both the Android and iOS versions of SparkCat exploit the Google ML Kit library's optical character recognition model to facilitate the exfiltration of images containing crypto wallet recovery phrases to the attackers' command-and-control server, with which the malware communicates via Rust, a report from Kaspersky revealed. "What makes this Trojan particularly dangerous is that there's no indication of a malicious implant hidden within the app. The permissions that it requests may look like they are needed for its core functionality or appear harmless at first glance," said Kaspersky researchers. The findings come after separate reports from security researcher Patrick Wardle and the Palo Alto Networks Unit 42 threat intelligence team, which detailed the increasing prevalence of newly emergent macOS malware and macOS infostealers' exploitation of the AppleScript framework, respectively.