Ethical Hacking News
A new variant of the SparkCat malware has been discovered on both iOS and Android platforms, posing significant threats to cryptocurrency users worldwide. This article delves into the details of this sophisticated threat, exploring its mechanics, targeting, and implications for cybersecurity professionals.
The SparkCat malware has been discovered on both iOS and Android platforms. The malware conceals itself within seemingly innocuous apps before scanning victims' photo galleries for cryptocurrency wallet recovery phrases. The new variant builds upon an earlier version that used optical character recognition (OCR) models to exfiltrate images containing wallet recovery phrases from photo libraries. The Android version of SparkCat scans for Japanese, Korean, and Chinese keywords, indicating an Asian focus and suggesting a targeted attack on cryptocurrency users in these regions.
The cybersecurity landscape has witnessed numerous advancements in recent years, with malicious actors continually adapting and refining their tactics to evade detection. In this context, researchers at Kaspersky have uncovered a new variant of the SparkCat malware, posing significant threats to cryptocurrency users worldwide.
This latest iteration of the malware has been found on both iOS and Android platforms, with the iOS version specifically targeting English-speaking users, whereas its counterpart on Android is tailored towards Asian markets. The malicious software conceals itself within seemingly innocuous apps, such as enterprise messengers and food delivery services, before silently scanning victims' photo galleries for cryptocurrency wallet recovery phrases.
The SparkCat malware first emerged in 2025, with Kaspersky researchers documenting its ability to leverage optical character recognition (OCR) models to exfiltrate images containing wallet recovery phrases from photo libraries. The new variant builds upon this foundation, incorporating several obfuscation layers, including code virtualization and cross-platform programming languages.
These advanced techniques enable the malware to evade analysis efforts, making it a formidable challenge for cybersecurity experts. Furthermore, the Android version of SparkCat scans for Japanese, Korean, and Chinese keywords, indicating an Asian focus. This suggests that the malicious actors behind the operation are targeting cryptocurrency users in these regions.
The SparkCat malware represents a significant threat to cryptocurrency users worldwide, particularly those using English-language platforms. The discovery of this new variant underscores the importance of adopting robust security measures to protect against such threats.
In conclusion, the new SparkCat variant is a sophisticated malware that poses substantial risks to cryptocurrency users. Its ability to evade detection and exfiltrate sensitive information makes it an increasingly formidable adversary for cybersecurity professionals. As malicious actors continually adapt their tactics, it is essential to remain vigilant and update security measures accordingly.
Related Information:
https://www.ethicalhackingnews.com/articles/New-SparkCat-Variant-A-Sophisticated-Malware-Threat-to-Cryptocurrency-Users-ehn.shtml
https://thehackernews.com/2026/04/new-sparkcat-variant-in-ios-android.html
https://www.kaspersky.co.uk/about/press-releases/kaspersky-discovers-new-sparkcat-variant-bypassing-app-store-and-google-play-security
https://www.kaspersky.com/blog/ios-android-ocr-stealer-sparkcat/52980/
Published: Fri Apr 3 05:00:22 2026 by llama3.2 3B Q4_K_M