Security researchers have again warned of clever theft apps which are targeted on Android and also on iPhone users for the first time. Sparkcat baptism malware is hidden in various incompatible apps that are sold about the official manufacturer’s shops Google Play and App Store, as reported by security company Kaspersky. This was the first time that such malware was discovered in Apple’s App Store. The group has now removed it.
Advertisement
Malware Photo Searchs through Medicine Library
Sewing is as simple as it is effective: Apps asks the user to allow the photo library to allow access to the photo library, for example if he wants to contact the app provider. If this is provided, the app scanns photos and above all the screenshots of the user according to certain conditions. According to the analysis, Google’s text recognition ML kit is used for this.
Potential hits then remove malware and upload it to the attacker’s server. They mainly relate to the knowledge of the seeds or restoration phrases of the crypto wallet that store users of convenience as a screenshot. With such phrases, the wallet can be restored directly to another device and all the cryptocurrency inherent in it can be stolen. Malware is flexible enough to read other sensitive data such as passwords or messages, Note kaspersky,
The ARM withdrew the CPU’s complaint against Qualcomm, continuing to process NuviaMalware aims at users in Europe
According to security researchers, stolen apps are still mainly aimed at users from Europe and Asia. The theft android versions were downloaded about 250,000 times; The calculation of how many download iOS versions is not clear.
Apps listed by Kaspersky are unclear. Some apps are clearly designed to run malware for this. However, it is also in legitimate apps in which nothing can be known about the developer or provider insect. For example, he could find his way in the apps otherwise well known as part of an SDK. How the malware removes the test processes of Google and Apple is not known.
Smartphone users can certainly prepare themselves against such malware: password and especially Crypto Wallet seed phrases should not usually be secured as screenshots or photos, which other, possibly on sensitive data Also applies. In addition, users should be suspicious, even if apps want admirable access rights. Photo access can be limited to iOS-like iOS, which is for individual images to release the entire media library.
(Lbe)
Process in Berlin: Speaker made school iPads money for digitization
