In January 2025, Kaspersky researchers uncovered the SparkCat spyware campaign, which was aimed at gaining access to victims’ crypto wallets. The threat actor distributed apps containing a malicious SDK/framework.
This component would wait for a user to open a specific screen (typically a support chat), then request access to the device’s gallery. It would then use an OCR model to select and exfiltrate images of interest. Although SparkCat was capable of searching for any text within images, that campaign specifically targeted photos containing seed phrases for crypto wallets. The malware was distributed through unofficial sources as well as Google Play and App Store. Now, Kaspersky once again come across a new type of spyware that has managed to infiltrate the official app stores. The Researchers believe it is connected to SparkCat and also targets the cryptocurrency assets of its victims.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- French army will employ sci-fi writers to predict cyber threats
July 22, 2019
The French military is to assemble a team of science fiction writers to imagine possible future cyber threats and inject innovation into cyber defence. This will be a small group, known as the “Red Team” which will be comprised of four or five science fiction writers and or futurists. The team will be hired to “propose ...
- Old Tools for New Money: URL Spreading Shellbot and XMRig Using 17-year old XHide
July 19, 2019
One of our honeypots detected a threat that propagates by scanning for open ports and brute forcing weak credentials, installing a Monero cryptocurrency miner and a Perl-based IRC backdoor as the final payload. The miner process is hidden using XHide Process Faker, a 17-year old open source tool used to fake the name of a ...
- Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections
July 19, 2019
A recent phishing campaign by Iran-linked threat actor APT34 made use of a savvy approach: Asking victims to join their social network. According to FireEye, the adversaries masqueraded as a Cambridge University lecturer, including setting up a LinkedIn page, in order to gain victims’ trust. From there the attackers asked their “friends” to open malicious documents. APT34, ...
- Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C
July 18, 2019
We observed a recent campaign that primarily targets financial institutions and governmental organizations in the South American region, particularly in Colombia. This blog post covers the activities we observed, the remote access tools (RATs) used, the campaign’s techniques and procedures, and its indicators of compromise (IoCs). Our findings indicate that the campaign appears to be ...
- Mirai Botnet Sees Big 2019 Growth, Shifts Focus to Enterprises
July 18, 2019
The infamous Mirai internet of things botnet is spiking in growth while changing up its tactics, techniques and procedures so far in 2019, to target more and more enterprise-level hardware, It’s a state of affairs that presents a greater concern than ever before given the ongong migration to the cloud era, researchers said. According to researchers ...
- StrongPity APT Returns with Retooled Spyware
July 17, 2019
The APT group behind the sophisticated malware known as StrongPity (a.k.a. Promethium) has mounted a fresh spyware campaign that is still ongoing as of July 2019. The group has retooled with new malware to control compromised machines, according to researchers. “The new malware samples have been unreported and generally appear to ...