Apple and Google removed 20 malware-infected apps after researchers uncovered a year-long data theft campaign targeting cryptocurrency wallets and personal data.
What happened
Apple and Google have removed 20 apps from their respective app stores after researchers discovered they had been harboring data-stealing malware for nearly a year. Security researchers at Kaspersky identified the malware, named SparkCat, which had been active since March 2024. Initially detected in a food delivery app used in the UAE and Indonesia, the malware was later found in 19 other unrelated apps. Collectively, these apps were downloaded more than 242,000 times from Google Play before being taken down.
Going deeper
SparkCat used optical character recognition (OCR) technology to scan victims’ device screens and image galleries, searching for recovery phrases associated with cryptocurrency wallets. Capturing these recovery phrases allowed attackers to gain full control over victims' wallets and steal their funds. Additionally, the malware could extract personal information from screenshots, including messages and passwords, further increasing security risks.
Once Kaspersky reported the findings, Apple removed the infected apps from the App Store last week, with Google following shortly after. Google also banned the developers associated with the malicious apps.
What was said
Google spokesperson Ed Fernandez confirmed to TechCrunch that all identified apps had been removed from Google Play, and users were protected from known versions of SparkCat through Google Play Protect’s security features. Apple did not respond to requests for comment.
Kaspersky spokesperson Rosemarie Gonzales warned that although the infected apps were removed from official stores, the malware was still circulating on third-party websites and non-official app stores, posing an ongoing risk to users who download apps from unverified sources.
The big picture
Malicious apps continue to slip through security checks, proving that even trusted platforms are not foolproof. Cybercriminals are refining their tactics, shifting their focus to digital assets, and exploiting everyday tools to steal sensitive data. The fact that this malware remained undetected for nearly a year raises serious concerns about security gaps. Removing infected apps is a necessary response, but stronger prevention measures are needed. Users can’t rely on app stores alone and must take an active role in protecting their data by being cautious about what they download and how they manage their security.
FAQs
How can I check if I downloaded one of the infected apps?
If you installed apps from unofficial sources or unfamiliar developers, review your app list and compare it with security reports from researchers like Kaspersky. Google Play Protect can also scan for known threats.
What should I do if I had one of these apps on my phone?
Uninstall the app immediately, change your passwords (especially for financial accounts), and enable multi-factor authentication (MFA) to protect your data.
How can I protect my cryptocurrency wallet from similar threats?
Store recovery phrases offline, avoid sharing wallet details digitally, and use hardware wallets for added security. Regularly check your accounts for unauthorized transactions.
Are third-party app stores safe to use?
Many third-party stores lack rigorous security checks, making them a higher risk for malware. Stick to official app stores and verify app legitimacy before downloading.
What steps are Apple and Google taking to prevent future malware threats?
Both companies use security screening processes like Google Play Protect and Apple’s App Store review system, but threats still emerge. Users should remain vigilant and report suspicious apps.
Farah Amod
