Kaspersky, a cybersecurity firm of Russian origin, has warned about a new threat that targets cryptocurrency holders with lax security practices. The crypto-stealing software, Sparkcat, has an embedded kit that scans the images on a user’s phone, seeking seeded phrases stored in the pictures.

Sparkcat uses optical character recognition (OCR) software, which allows the algorithm to read data directly from images and transform it into text. The model used for the task specifically searches for mnemonics, words that compose the seed phrases of each cryptocurrency, and facilitates the backup, archive, and recovery of private keys.

Kaspersky explained that the malware implemented obfuscation practices to hide its presence from security tools, making its detection complex. Also, the permissions required by these apps are similar to those required by normal apps, giving almost no tips on the presence of malicious software.

Chatai, one of the mentioned apps, masqueraded as an artificial intelligence (AI) prompt. It had this malware payload embedded and was available in app stores by late 2024. Several other food delivery service apps and AI chats are also infected.

Kaspersky identified 18 infected Android apps and 10 Ios apps, many still available in these stores. The security company found that these malicious apps had been downloaded over 242,000 times in these app stores, putting these users at risk of having their wallets drained.

The company recommended the immediate uninstallation of the apps involved before a patch is issued to contain and remove the scanning functionality of this software.

“Do not store screenshots with sensitive information in the gallery, including recovery phrases for access to cryptocurrency wallets. Passwords, confidential documents, and other sensitive data can be stored in special applications,” Kaspersky concluded.

While individuals were affected by this software, Kaspersky offered no numbers linked to these losses.

Read more: ‘Free Money’ Crypto Scam Uses Fake Wallets to Steal Your Funds

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。