Close Menu
Invest Intellect
    Facebook X (Twitter) Instagram
    Invest Intellect
    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Commodities
    • Cryptocurrency
    • Fintech
    • Investments
    • Precious Metal
    • Property
    • Stock Market
    Invest Intellect
    Home»Cryptocurrency»DeepSeek security risk – AI tool “vulnerable” to attacks, says report
    Cryptocurrency

    DeepSeek security risk – AI tool “vulnerable” to attacks, says report

    February 6, 20254 Mins Read



    • Apps delivering malware to users to steal crypto found on iOS app store
    • Some of these apps have thousands of installs across iOS and Android
    • The ‘SparkCat’ campaign has been active since March 2024

    Crypto-stealing malware dubbed ‘SparkCat’ has been discovered on iOS and Android app stores, and is embedded with a ‘malicious SDK/framework for stealing recovery phrases for crypto wallets’.

    A report from Kaspersky has identified malicious apps, some with upwards of 10,000 downloads, that scan the victims gallery to find keywords – if relevant images are found, they are then sent to a C2 server.

    This is the first time a stealer has been found in Apple’s App store, and this is significant because Apple reviews every entry to ‘help provide a safe and trusted experience for users’ – so these malware-infected apps show that the review process is not as robust as it should be.

    Although aimed at stealing cryptocurrency wallet recovery phrases, Kaspersky notes that the malware is ‘flexible enough’ to steal other sensitive data from victim’s galleries – here’s what we know.

    Multiple malicious apps

    The ‘SparkCat’ malware campaign was first discovered in late 2024, and is suspected to have been active since March 2024.

    The first app Kaspersky identified was a Chinese food delivery app, ComeCome. The app had over 10,000 downloads and was based in Indonesia and the UAE. The app was embedded with malicious content, and contained OCR spyware which chose images from the infected devices to exfiltrate and send to the C2 server.

    This wasn’t the only infected app though, and researchers found that infected apps available in Google Play had been downloaded a combined total of over 242,000 times. In 2024, over 2 million risky Android apps were blocked from the Play Store, including some which tried to push malware and spyware – so although Google is improving its protections, clearly some still make it through.

    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

    In the app store, some apps ‘appeared to be legitimate’, like the food delivery services, while others had apparently been built to ‘lure victims’. An example of this, researchers outlined, is a series of similar AI-featured ‘messaging apps’ by the same developer, including AnyGPT and WeTink.

    It’s not clear whether these infections are deliberate actions by developers, or are a result of supply chain attacks, but the report does note that the “permissions that it requests may look like they are needed for its core functionality or appear harmless at first glance.”

    “What makes this Trojan particularly dangerous is that there’s no indication of a malicious implant hidden within the app” Kaspersky adds.

    Mitigating malware

    If you have one of the infected apps installed on your device, Kaspersky of course recommends removing it and steering clear until a fix is released – the list of infected apps can be found here.

    There is software that can help protect your device, like antivirus software – and as a key part of this malware in particular is the exfiltration of sensitive data through screenshots, the best advice is to avoid storing passwords, confidential documents, or sensitive information in your gallery.

    Instead, check out the best password managers to securely store your information, as these present a much safer and convenient option to keeping your passwords in your photos. Make sure you don’t reuse passwords on multiple sites, and change your passwords regularly to avoid a breach.

    There are some tricks to avoid malware apps, and considering that dangerous malware apps have been found to have been installed millions of times, it’s always best to be safe.

    First of all, be wary of the warning signs. Go through the feedback and reviews – especially the negatives, as it’s likely someone else will have already flagged a bug. Be very suspicious of an app which asks for your existing social media credentials – as this could be criminals looking to hijack your account.

    You might also like



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    Pakistan at risk of FATF grey list return over digital transactions, warns Pak Finance Minister Aurangzeb – World News

    Cryptocurrency

    FinMin raises alarm over unregulated digital deals

    Cryptocurrency

    MEDIROM launches cryptocurrency strategy with next-generation proof of human technology, World

    Cryptocurrency

    Ethereum Shatters Records, Surges 250% From April Lows, Why Is Cryptocurrency Rising? | Cryptocurrency News

    Cryptocurrency

    How the digital euro could change the way people pay

    Cryptocurrency

    AshToken: Empowering Nigerian businesses with cryptocurrency solutions

    Cryptocurrency
    Leave A Reply Cancel Reply

    Top Picks
    Investments

    Eshraq Investments’ net losses surpass $157mln in 2024

    Investments

    Le Tribunal de la concurrence d’Afrique du Sud approuve l’accord entre Slip Knot Investments 777 et Sanlam Life Insurance -Le 12 mars 2025 à 15:44

    Stock Market

    Vicinity Energy Honored with North America Utilities Deal of the Year Award at Proximo Congress 2025

    Editors Picks

    Become an Instant Billionaire with Your Investments

    July 8, 2025

    Justice Department shuts down its cryptocurrency team

    April 8, 2025

    Procimmo Real Estate Sicav progresse sur six mois -Le 28 février 2025 à 08:46

    February 27, 2025

    Green Card holders may be barred from buying property in Ohio USA – Investing Abroad News

    June 3, 2025
    What's Hot

    Ghana’s premier real estate event smashes records as country’s real estate market set to hit US$533.30 bn in 2025

    February 5, 2025

    ECB Targets October to Finish Digital Euro Preparation Phase

    March 10, 2025

    digital currency news & latest pictures from ibtimes.co.uk

    May 23, 2025
    Our Picks

    Property expert reveals the everyday item that could reduce your home’s value by £85,000

    August 24, 2025

    DefiTax.us Launches to Simplify Crypto Tax Reporting Amid U.S. Government’s Strategic Cryptocurrency Adoption

    March 24, 2025

    Bénéfice en hausse au premier trimestre pour Barwa Real Estate

    April 29, 2025
    Weekly Top

    Pakistan at risk of FATF grey list return over digital transactions, warns Pak Finance Minister Aurangzeb – World News

    August 24, 2025

    the nu-metal giants keep the hits rollin’ in

    August 24, 2025

    India’s outbound investments surge 67% in FY25, driven by ESG, GIFT City, global tax reforms: EY

    August 24, 2025
    Editor's Pick

    EPF calculator: Rs 5,000 monthly investment can help you build a Rs 3.5 crore retirement corpus – Know how – Money News

    August 18, 2025

    UK fintech Revolut valued at $45B

    August 16, 2024

    Dundee Precious Q2 2025 Financials: AISC Surge Overshadowed Record Adjusted EPS

    August 1, 2025
    © 2025 Invest Intellect
    • Contact us
    • Privacy Policy
    • Terms and Conditions

    Type above and press Enter to search. Press Esc to cancel.