SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases
Malware Activity
Summary
The SparkCat malware resurfaced in a new variant inside apps on the Apple App Store and Google Play Store, increasing the risk of mobile crypto wallet theft. The malware hides in benign-looking software and uses OCR to scan photo galleries for cryptocurrency wallet recovery phrases. Kaspersky said the iOS build may reach users beyond Asia, while the Android build adds obfuscation layers to hinder analysis.
Related Happenings
BTMOB Android RAT no-code builder malware activity
Malware Activity
First: 26.05.2026 17:00
Last: 26.05.2026 17:00
Sources 1
About this happening:
The **BTMOB** Android RAT is spreading through **phishing campaigns** across **Brazil and beyond**, raising the risk of **custom payload delivery** and **remote device takeover**....
Trapdoor Android malvertising and ad-fraud campaign
Campaign
First: 19.05.2026 19:38
Last: 19.05.2026 19:38
Sources 1
About this happening:
The **Trapdoor** campaign is a **self-sustaining malvertising and ad-fraud operation** targeting **Android users** and turning app installs into revenue through threat-actor-contr...
Android 17 expands platform security and privacy protections
Security Tool/Service
First: 12.05.2026 20:00
Last: 12.05.2026 20:00
Sources 1
About this happening:
**Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
Apple and Google Messages beta rollout of cross-platform E2EE RCS
Security Tool/Service
First: 12.05.2026 16:00
Last: 12.05.2026 16:00
Sources 1
About this happening:
Apple and Google have begun a **beta rollout** of **end-to-end encrypted RCS** between **iPhone** and **Android** devices, materially reducing carrier and in-transit visibility fo...
Google expands Binary Transparency for Android for production app verification
Security Tool/Service
First: 06.05.2026 12:13
Last: 06.05.2026 12:13
Sources 1
About this happening:
Google expanded **Binary Transparency for Android**, adding a public verification system that helps detect unauthorized or modified Google app binaries. The rollout covers product...
Timeline
- 03.04.2026 12:10 2 articles · 1mo ago
Kaspersky identifies new SparkCat variant in App Store and Google Play apps
Initial Disclosure
Kaspersky researchers identified a new SparkCat variant in apps on the Apple App Store and Google Play Store, where the malware hides in benign-looking software and uses OCR to scan photo galleries for cryptocurrency wallet recovery phrases. The Android build adds code virtualization and other obfuscation layers, scans for Japanese, Korean, and Chinese keywords, and primarily targets cryptocurrency users in Asia, while the iOS build scans for English mnemonic phrases and may affect users regardless of region. SparkCat had first been documented in February 2025 as an OCR-enabled trojan that exfiltrates images containing wallet recovery phrases from photo libraries.
- New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images — thehackernews.com — 03.04.2026 12:10