Crypto Cat Burglar: The Sneaky App Stealing Your Coins on Apple and Android
Kaspersky eggheads warn of SparkCat, the first app with hidden optical character recognition spyware on Apple’s App Store, aiming to steal cryptocurrency. Masquerading as a food delivery service, ComeCome secretly snaps wallet recovery phrases from screenshots. Remember, keeping your seed phrases offline is as crucial as guarding your grandma’s secret cookie recipe!
Hot Take:
Well, who knew that in the world of high-stakes cryptocurrency, your iOS app might be more interested in playing Spot the Phrase than delivering your dinner? It turns out even Apple’s App Store isn’t impervious to a little OCR espionage! So remember folks, if an app promises food delivery and also asks for access to your photo gallery, it might just be hungry for your crypto keys instead of your culinary cravings.
Key Points:
- Kaspersky researchers discovered crypto-stealing malware in both Apple’s App Store and Google Play.
- The app, disguised as a food delivery service, uses OCR to snatch crypto wallet recovery phrases.
- The malware, dubbed SparkCat, targets users mainly in Europe and Asia.
- Neither Apple nor Google responded to inquiries about the malicious app’s presence.
- It’s unclear if the malware was introduced via a supply-chain attack or by the developers themselves.