---
title: "ZAWYA: Kaspersky discovers new SparkCat variant bypassing App Store and Google Play security"
type: "News"
locale: "en"
url: "https://longbridge.com/en/news/282001426.md"
description: "Kaspersky has discovered a new variant of the SparkCat Trojan that bypasses security on the App Store and Google Play. This malware, hidden in legitimate apps, targets cryptocurrency wallet recovery phrases and is primarily aimed at users in Asia. The updated version features advanced obfuscation techniques, making it harder to detect. Kaspersky recommends using reliable cybersecurity software and avoiding storing sensitive information in photo galleries. The company emphasizes the importance of security solutions to protect against evolving cyber threats."
datetime: "2026-04-08T08:19:39.000Z"
locales:
  - [zh-CN](https://longbridge.com/zh-CN/news/282001426.md)
  - [en](https://longbridge.com/en/news/282001426.md)
  - [zh-HK](https://longbridge.com/zh-HK/news/282001426.md)
---

# ZAWYA: Kaspersky discovers new SparkCat variant bypassing App Store and Google Play security

Kaspersky has identified a new variant of the SparkCat Trojan in the App Store and Google Play—a year after the crypto-stealing malware was first discovered and removed from both platforms. The Trojan hides inside legitimate-looking apps and scans users' photo galleries for cryptocurrency wallet recovery phrases.

The new version of SparkCat is distributed through infected legitimate apps—a messenger designed for enterprise communication and a food delivery app. Kaspersky experts found two infected apps on the App Store and one on Google Play, from which the malicious code has since been removed. Kaspersky telemetry shows that the apps infected with SparkCat are also distributed through third-party sources. A few of these web pages mimic the App Store when opened from an iPhone.

The updated variant of the Trojan for Android scans image galleries on the compromised devices for screenshots containing specific keywords in Japanese, Korean, and Chinese, leading Kaspersky experts to assess that this campaign primarily targets cryptocurrency assets of users in Asia. The iOS variant, however, takes a different approach as it scans for cryptocurrency wallet mnemonic phrases, which are in English. This makes the iOS variant potentially broader in reach, as it can affect users regardless of their region.

The updated SparkCat version for Android features multiple obfuscation layers compared to previous versions, including code virtualization and cross-platform programming language usage — techniques that are rare for mobile malware.

Kaspersky has reported known malicious applications to Google and Apple.

“The updated variant of SparkCat requests access to view photos in a user’s smartphone gallery in certain scenarios—just like the very first version of the Trojan. It analyzes the text in stored images using an optical character recognition module. If the stealer finds relevant keywords, it sends the image to the attackers. Considering the similarities of the current sample and the previous one, we believe that the developers of the new version of malware are the same. This campaign again underscores the importance of using security solutions for smartphones to stay protected against a broad range of cyberthreats,” said Sergey Puzan, cybersecurity expert at Kaspersky.

“The SparkCat malware is an evolving mobile threat. Threat actors behind it constantly raise the complexity of the anti-analysis techniques, allowing it to bypass the review process of the official app stores. Moreover, methods used by the SparkCat developers, such as code virtualization and cross-platform programming language usage, are rare for mobile malware. This demonstrates the high skill of the threat actors,” added Dmitry Kalinin, cybersecurity expert at Kaspersky.

To avoid becoming a victim of this malware, Kaspersky recommends the following safety measures:

-   Use reliable cybersecurity software, like Kaspersky for Mobile — it can protect your data on smartphones from cyberattacks. Kaspersky for Android will prevent installation of the malware, while Kaspersky for iOS, due to the architectural characteristics of Apple’s OS, prevents an attempt to connect to the attackers’ command server and displays a warning to users.
-   Avoid storing screenshots containing sensitive information in your gallery, especially cryptocurrency wallet seed phrases. Such sensitive information as well as screenshots of important documents should be stored in specialized applications such as Kaspersky Password Manager.
-   Be careful even when downloading apps from official stores, as doing so is not always risk-free.

**About Kaspersky**

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure and governments around the globe. The company’s comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and nearly 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

