PANews reported on February 5 that according to Cointelegraph, cybersecurity company Kaspersky Labs said that malware development kits used to make applications on the Google Play Store and Apple App Store are scanning user images to find recovery phrases for encrypted wallets, thereby stealing funds from them.

Kaspersky Labs said in the report that once the malware, called SparkCat, infects a device, it searches for images using specific keywords in different languages through an optical character recognition (OCR) stealer. The intruders steal recovery phrases for crypto wallets, which are enough to give them full control over the victim's wallet and further steal funds. It is worth noting that the flexibility of the malware enables it to steal not only secret phrases, but also other personal data from photo albums, such as message content or passwords that may be left on screenshots. The report recommends not to store sensitive information in screenshots or mobile phone albums, but to use a password manager. It also recommends deleting any suspicious or infected applications. The report said that the source of the malware is unclear and cannot be attributed to any known organization, but it is similar to a campaign discovered by ESET researchers in March 2023.