Kaspersky: Beware of cryptocurrency-stealing malware in Android and iOS app-making kits
Odaily News: Malicious software development kits used to make apps on Google’s Play Store and Apple’s App Store are scanning users’ images for crypto wallet recovery phrases in order to steal the funds held in those wallets, cybersecurity firm Kaspersky Labs said.
Once the malware, called SparkCat, infects a device, it uses an optical character recognition (OCR) stealer to search the device's images for specific keywords in different languages, Kaspersky analysts Sergey Puzan and Dmitry Kalinin said in a Feb. 4 report. "The intruder steals crypto wallet recovery phrases, which are sufficient to gain full control over the victim's wallet and thus further steal funds," the analysts wrote. "It should be noted that the flexibility of the malware allows it to steal not only secret phrases, but also other personal data in the gallery, such as message content or passwords that may remain on screenshots."
Additionally, on Android, the malware uses a Java component called Spark, which masquerades as an analysis module, and encrypted configuration files stored on GitLab, which provide commands and operational updates.
The analysts recommend keeping sensitive information out of screenshots and the phone's photo gallery, using a password manager instead, and deleting any suspicious or infected apps.
