Researchers from Kaspersky determined that malicious programs are distributed in applications on Android and iOS mobile windows. Dmitry Kalinin and Sergey Puzan shared their In the campaign of the harmful programs that they called Sparkcat, which was probably active since March 2024.
“We cannot confirm with confidence whether the infection was the result of the attack of the supply chain or intentional actions by the developers,” the couple wrote. “Some of the applications, such as food delivery services, turned out to be legal, while others, obviously, were created to close the victims.”
The Kaspersky duo said that Sparkcat is a secretive operation, which, in the visible one, requests normal or harmless permits. Some of the applications in which the steam found malicious software for loading, including the application for delivery of food and the AIGPT and Wetink chat application.
The in question in the malware uses the optical recognition of characters (OCR) to view the library of photographs of the device in search of screenshots of phrases of recovery for crypto -cash. Based on their assessment, the infected Google Play applications were loaded more than 242,000 times. Kaspersky says: “This is the first known case of the application infected with Spyware OCR, found in the official Apple application market.”
Apple often promotes the strict safety of the App Store, and although cases of harmful programs were rare, this discovery is a reminder that a garden with a wall is not impenetrable for attacks.