Apple and Google take down malicious mobile apps from their app stores

Topics

recent

AI

Amazon

Image Credits:TechCrunch

Apps

Biotech & Health

mood

Image Credits:TechCrunch

Cloud Computing

Commerce

Crypto

go-ahead

EVs

Fintech

fundraise

Gadgets

Gaming

Google

Government & Policy

ironware

Instagram

Layoffs

Media & Entertainment

Meta

Microsoft

privateness

Robotics

Security

societal

Space

Startups

TikTok

Transportation

Venture

More from TechCrunch

consequence

Startup Battlefield

StrictlyVC

Podcasts

picture

Partner Content

TechCrunch Brand Studio

Crunchboard

get through Us

Apple and Google have perpetrate as many as 20 apps from their respective app stores after security researchers found the apps were carrying datum - steal malware for almost a year .

certificate researcher at Kasperskysaid the malware , dubbed SparkCat , has been active since March 2024 . Initially , the researchers find the malicious model within a food delivery app used in the United Arab Emirates and Indonesia but later found the malware on 19 other , unrelated apps , which they say were cumulatively downloaded more than 242,000 times through Google ’s Play Store .

Using codification that ’s designed to capture text edition visible on the user ’s display — known as optical fictional character recognition ( OCR ) — research worker obtain the malware scan the image gallery on victims ’ machine for keywords to find recovery phrases for cryptocurrency wallets across various languages , including English , Chinese , Japanese , and Korean .

By using the malware to get a dupe ’s recovery phrases , attackers could gather complete ascendance over a victim ’s wallet and steal their store , the researchers found .

The malware could also turn on the extraction of personal information from screenshots , such as messages and password , the researchers say .

Upon receive the report from the investigator , Apple overstretch the compromise apps from the App Store last week , follow by Google .

“ All of the identified apps have been remove from Google Play , and the developer have been shun , ” Google spokesperson Ed Fernandez told TechCrunch .

Google ’s spokesperson also confirm that Android users were protect from have intercourse versions of this malware through the in - work up Google Play Protect protection feature .

Apple did not reply to requests for scuttlebutt .

Kaspersky representative Rosemarie Gonzales told TechCrunch that while the report apps were draw from the prescribed app stores , the party ’s telemetry data point suggested that the malware was also available from other websites and non - official app stores .