
Kaspersky Warning: Crypto Malware in Android and iOS App SDK

Pankaj Gupta
February 5, 2025
Last Updated: October 26, 2025

Kaspersky Lab Says: Malicious Apps Found on Google Play & App Store

A malicious software development kit (SDK) found in Android and iOS apps available on the Google Play Store and Apple App Store uses an optical character recognition (OCR) stealer to steal recovery phrases for cryptocurrency wallets. It scans users' pictures to find crypto wallet recovery phrases and drain the funds.

In a report published on February 4, Kaspersky analysts Sergey Puzan and Dmitry Kalinin stated that after the malware known as SparkCat infects a device, it uses an OCR stealer to look for photographs containing particular keywords in various languages.

Kaspersky Report: Warning on Malware 

According to Kaspersky, on Google Play alone, where download numbers are publicly available, the infected apps were downloaded over 242,000 times.

Analysts from Kaspersky advised using a password manager rather than storing private data in screenshots or a phone's photo gallery. Additionally, they advised deleting any dubious or compromised programs.

It should be mentioned that the malware's versatility enables it to take not just secret phrases but also other private information from the gallery, like message content or passwords that might be captured in screenshots.

How Malicious SDKs Operate in Mobile Apps

Malicious software development kits (SDKs), which are frequently embedded in mobile apps that appear legitimate, let attackers exploit users without their knowledge. Under the pretense of improving app functionality, these SDKs may request excessive permissions, including access to storage, the camera, and images. Once granted access, they use optical character recognition (OCR) technology to scan photographs and find private data, including recovery phrases for cryptocurrency wallets.

Malicious SDKs covertly send this data to remote servers controlled by cybercriminals, giving attackers unauthorized access to users' cryptocurrency balances and eventually emptying their wallets. Because compromised apps may operate normally while carrying out malicious activity in the background, this stealthy form of data exfiltration is hard to detect.
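The permission pattern described above can be checked on the Android side before an app is trusted. The following is an added example, not code from Kaspersky or from this article: it flags an app whose manifest requests gallery, camera or storage access it has no stated need for while also being able to reach the network. It assumes the manifest has already been decoded to plain XML; the sample manifest, the package name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that expose photos, the camera or shared storage.
MEDIA_PERMS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_IMAGES",
    "android.permission.CAMERA",
}
NETWORK_PERM = "android.permission.INTERNET"

# Constructed sample: decoded manifest of a hypothetical app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.delivery">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"
        android:maxSdkVersion="32"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return every permission name the manifest requests."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml, expected=frozenset()):
    """expected: media permissions the app's advertised features justify."""
    perms = requested_permissions(manifest_xml)
    unexpected = sorted((perms & MEDIA_PERMS) - set(expected))
    can_upload = NETWORK_PERM in perms
    return {
        "package": ET.fromstring(manifest_xml).get("package"),
        "unexpected_media_access": unexpected,
        "can_upload": can_upload,
        # Gallery access plus network access is the pairing worth a manual review.
        "review": bool(unexpected) and can_upload,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST))
```

A flagged result is a prompt for review, not proof of malice: many legitimate apps need both photo and network access, which is why the `expected` argument exists.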

How to Protect Crypto Wallet from OCR Attacks

Protecting your cryptocurrency wallet from OCR-based attacks requires a combination of digital security practices and cautious behavior. First, don't store your recovery phrases in screenshots, cloud storage, or note-taking apps, as malicious SDKs can scan these locations. It is better to write them down on paper and keep them in a secure offline location. Offline storage is more secure.

Second, be mindful of app permissions: never give unnecessary access to your photos, camera, or storage, especially to apps that don't need it to function, and beware of applications that do not look authorized.

Additionally, only download apps from reputable developers with positive reviews and verified security practices. Even on official stores like Google Play and the Apple App Store, malicious apps can slip through. Using security-focused mobile software, such as anti-malware apps, can help detect and block potential threats.

Lastly, enable two-factor authentication for exchanges and wallets, ensuring an extra layer of security. Staying vigilant about your digital footprint and regularly monitoring your crypto accounts can help you detect and mitigate potential security breaches before they cause significant damage.


About the Author Pankaj Gupta

Hindi Blog Writer at coingabbar.com

Pankaj Gupta is an accomplished Hindi Blog Writer and Chartered Accountant associated with Coin Gabbar, where he specializes in creating educational and impactful content on cryptocurrency, blockchain, and finance. His strong financial background and analytical mindset help bridge the gap between traditional finance and the evolving digital asset industry. Pankaj’s work reflects a commitment to simplifying complex ideas and delivering practical insights to readers. Outside of writing, he is passionate about reading, investing, trading, traveling, and philosophy, which continuously inspire his thought process and enhance the depth of his content.
