Crypto Wallet At Risk: Hidden Threat "SparkCat" in Android and iOS Apps
Key Takeaways
- SparkCat malware hides in app development tools, scanning images for crypto wallet recovery phrases via OCR;
- Hackers use Google ML Kit’s OCR to extract wallet phrases from images, which gives them full control over victims' funds;
- SparkCat has infected over 200,000 users since March 2024, mainly in Europe & Asia, via fake and real apps on major app stores.
A newly discovered malware hidden inside app development kits is targeting Android and iOS users by scanning stored images for crypto wallet recovery phrases, according to cybersecurity company Kaspersky Labs.
The malware, known as SparkCat, is embedded in software tools used to build apps for Google Play and the Apple App Store. Once installed, it searches for specific text in images, including wallet backup phrases, using optical character recognition (OCR).
“The intruders steal recovery phrases for crypto wallets, which are enough to gain full control over the victim’s wallet for further theft of funds,” wrote Kaspersky researchers Sergey Puzan and Dmitry Kalinin in a February 5 report.
SparkCat uses a Java-based component named Spark, which appears to be an analytics tool. It receives commands and updates from an encrypted file hosted on GitLab.
The malware then connects to Google ML Kit’s OCR feature, which scans images on the device for key phrases linked to crypto wallets. Once a phrase is found, attackers can access the wallet without needing the owner’s password.
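A triage heuristic for reviewing a decoded Android app, added here as an example and not taken from Kaspersky's report or from the original article: it flags apps that combine permission to read stored images, network access and ML Kit text-recognition classes. The manifest, package names and class list are constructed samples, unobfuscated class names are assumed, and a hit is a prompt for manual review, since legitimate apps can combine all three.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Permissions that let an app read images stored on the device.
IMAGE_READ = {"android.permission.READ_EXTERNAL_STORAGE",
              "android.permission.READ_MEDIA_IMAGES"}
NETWORK = "android.permission.INTERNET"
# Java package of Google ML Kit's text recognition (OCR) client API.
MLKIT_OCR_PREFIX = "com.google.mlkit.vision.text."

# Constructed sample: decoded manifest of a hypothetical app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fooddelivery">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
</manifest>"""
# Constructed sample: class names as listed by a decompiler (unobfuscated).
SAMPLE_CLASSES = ["com.example.fooddelivery.MainActivity",
                  "com.example.analytics.Tracker",
                  "com.google.mlkit.vision.text.TextRecognition"]


def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms


def triage(manifest_xml, class_names):
    """Report each signal; 'review' is True only when all three are present."""
    perms = requested_permissions(manifest_xml)
    signals = {
        "reads_images": bool(perms & IMAGE_READ),
        "has_network": NETWORK in perms,
        "bundles_ocr": any(c.startswith(MLKIT_OCR_PREFIX) for c in class_names),
    }
    signals["review"] = all(signals.values())
    return signals


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_CLASSES))
```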
Kaspersky estimates that SparkCat has been downloaded about 242,000 times since it first appeared in March 2024. It has mainly affected users in Europe and Asia, spreading through real and fake applications on major app stores.
Puzan and Kalinin noted:
“Some apps, such as food delivery services, appear legitimate, while others are clearly built to lure victims — for example, we have seen several similar ‘messaging apps’ with AI features from the same developer.”