[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fehdjqJedjtXPu2wn08VfvhgCKOw7jLLJjmsEjKrZwzE":3},{"lesson":4},{"id":5,"slug":6,"article_id":7,"title":8,"body":9,"prevention":10,"framework_refs":11,"status":17,"created_at":18,"published_at":19,"article":20,"tags":23},"8df3a5d5-31bb-4f2f-b38f-f40b72a240a8","malicious-apps-bypass-store-security-to-steal-crypto-wallets","8bcd15f8-1362-4ca2-9fb1-1b20f8c6017a","Malicious Apps Bypass Store Security to Steal Crypto Wallets","Threat actors successfully infiltrated both the Apple App Store and the Google Play Store with legitimate-looking applications that contained hidden malware designed to steal cryptocurrency wallet recovery phrases. The SparkCat malware variant uses OCR technology to scan users' photo galleries for images containing wallet recovery phrases, then transmits this sensitive data to attacker-controlled servers. This demonstrates how supply chain attacks can bypass traditional security measures when users trust official app stores, highlighting the critical need for additional verification steps before downloading applications that handle sensitive financial data.","**Immediate actions:**\n- Review and remove any suspicious apps from devices, especially those requesting photo access\n- Move cryptocurrency wallet recovery phrases from device photo galleries to secure offline storage\n- Enable app permission reviews to restrict photo and network access for non-essential applications\n\n**Long-term improvements:**\n- Implement additional vetting processes beyond official app store approvals for business-critical applications\n- Establish policies prohibiting storage of sensitive recovery phrases in easily accessible formats like photos\n- Deploy mobile device management solutions to monitor and control app installations on corporate devices\n\n**Detection measures:**\n- Monitor network traffic for unusual data transmissions from mobile devices\n- Implement behavioral analysis tools to detect OCR-based scanning activities on endpoints",[12,13,14,15,16],"CIS Control 2 (Inventory and Control of Software Assets)","CIS Control 16 (Account Monitoring and Control)","NIST SP 800-124 (Guidelines for Managing the Security of Mobile Devices)","NIST CSF PR.DS-1 (Data-at-rest protection)","ISO 27001 A.14.2.8 (System security testing)","published","2026-04-03T10:08:13.152962+00:00","2026-04-03T10:08:13.063+00:00",{"id":7,"url":21,"title":22},"https:\u002F\u002Fthehackernews.com\u002F2026\u002F04\u002Fnew-sparkcat-variant-in-ios-android.html","New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images",[24,30],{"id":25,"name":26,"slug":27,"description":28,"color":29},"7261eb8f-acd4-4d93-a489-7fdd652ec0ea","Security Awareness","security-awareness","Phishing, social engineering, human error","#22c55e",{"id":31,"name":32,"slug":33,"description":34,"color":35},"f0c2a0af-58aa-4128-87c9-6acd30f2dc48","Supply Chain","supply-chain","Third-party risk, compromised dependencies","#8b5cf6"]