Google and Apple Both remove harmful mobile apps from their app shops: Up to 20 apps have been removed from the app stores by Google and Apple after security experts discovered that the apps had been infected with malware that stole data for nearly a year.
Kaspersky security experts reported that the malware, known as SparkCat, has been in operation since March 2024. First discovered in a food delivery app used in Indonesia and the United Arab Emirates, the researchers eventually discovered the malware on 19 other, unrelated apps that, according to them, have been downloaded more than 242,000 times overall from Google’s Play Store.
Researchers discovered that the malware used optical character recognition (OCR) code, which is intended to capture text that is visible on the user’s screen, to search the image galleries on victims’ devices for keywords in order to locate recovery phrases for cryptocurrency wallets in a variety of languages, including English, Chinese, Japanese, and Korean.
Researchers determined that attackers might take full control of a victim’s wallet and steal their money by utilizing the virus to record the victim’s recovery phrases.
The researchers also noted that the malware might make it possible to collect private data, including passwords and messages, from screenshots.
Following receipt of the researchers’ report, Apple and Google removed the infected apps from the App Store last week.
TechCrunch was informed by Google spokesperson Ed Fernandez that “all of the identified apps have been removed from Google Play and the developers have been banned.”
According to Google’s representative, the built-in Google Play Protect security feature shielded Android users against known versions of this malware.
When asked for comment, Apple did not reply.
Despite the fact that the reported apps were removed from the official app shops, Rosemarie Gonzales, a representative for Kaspersky, told TechCrunch that the company’s telemetry data indicated that the virus was also accessible from unofficial app stores and other websites.