Malware on your smartphone: Here's how to protect yourself from wallet theft

A new form of malicious software called SparkCat is currently spreading at lightning speed. According to a report by two security experts from Kaspersky this malware has been found in both iOS and Android apps. At worst, users can lose their stored crypto currencies if their smartphones become infected.

How does the malware work?

SparkCat is hidden in a Software Development Kit (SDK), a development package used in several apps. This allowed the malware to spread undetected and possibly up to 242,000 times be downloaded.

Once active, SparkCat automatically scans the user's photo gallery for screenshots of wallet-recoveryphrases - the recovery phrases needed to access a cryptowallet. If these fall into the hands of cybercriminals, they can use the empty wallets easily.

Which apps are affected?

According to the report, the popular food delivery app ComeCome, widely used in the United Arab Emirates and Indonesia, among others, is infected with the malicious SDK. In Europe, this app is not available.

The Apple App Store also has potentially infected apps, including the app WeTink, available in Germany.

How long has SparkCat been in business?

The researchers suspect that SparkCat has been active since March 2024. This is evident from timestamps in the malware files and configuration files found in repositories on GitLab.

How do you protect yourself?

• Check the list of infected apps in the Kaspersky report and remove them from your phone immediately.

• Do not use the apps again until they are updated and declared safe.

• Never keep screenshots of sensitive information, such as seedphrases or passwords.

• Consider a hardware wallet, which is considered more secure than a mobile wallet.