Kaspersky Threat Research expertise center has discovered a new data-stealing Trojan, SparkCat, active in AppStore and Google Play since at least March 2024. This is the first known instance of optical recognition-based malware appearing in AppStore. SparkCat uses machine learning to scan image galleries and steal screenshots containing cryptocurrency wallet recovery phrases. It can also find and extract other sensitive data in images, such as passwords.
Kaspersky has reported known malicious applications to Google and Apple.
