New SparkCat Malware Variant Spotted Bypassing App Store And Google Play Protection Measures, Kaspersky Reports

Low Boon Shen

Kaspersky’s Threat Research team has identified a new variant of the SparkCat trojan on the App Store and Google Play, the original form of which was previously detected and removed from both platforms a year ago. The latest “mutation” is said to embed itself in “legitimate-looking apps,” according to the cybersecurity company, and is designed to scan users’ photo galleries for cryptocurrency wallet recovery phrases.

SparkCat Returns

Image: Kaspersky

In essence, the updated SparkCat variant was distributed via infected legitimate apps, including enterprise messaging tools (pictured above) and a food delivery app. So far, Kaspersky has identified two affected applications on the App Store and one on Google Play; the malicious code has since been removed after both platforms were notified. Data from Kaspersky indicates that infected versions of these apps are also being circulated through third-party sources, including websites that imitate the App Store interface when accessed from iOS devices.

As before, SparkCat uses optical character recognition (OCR) to scan image galleries for screenshots containing specific mnemonic phrases, the recovery phrases that can restore access to a cryptocurrency wallet if its owner loses their device or password. On infected Android devices, the malware looks for such phrases in Japanese, Korean, and Chinese, so the campaign likely targets Asian users primarily.

The new variant, however, also specifically targets English-language mnemonic phrases on iOS, which potentially widens the pool of victims considerably. On top of that, the Android version uses multiple layers of obfuscation, including code virtualization and cross-platform programming languages, which Kaspersky says are techniques not commonly observed in mobile malware.

These techniques are likely intended to complicate analysis and to evade app store review processes, and that is exactly how the malware managed to slip into the App Store and Google Play undetected. It has to be said, then, that not everything within the sanctioned storefronts is 100% safe from malware. While the likelihood of encountering malware on official platforms is relatively low, it is always good to double-check before you tap the install button.

Pokdepinion: Always practice caution, even in official app stores.
