⚡ Key Takeaways

SparkCat malware returned in April 2026 with code virtualization and cross-platform obfuscation, bypassing both Apple and Google app review to steal cryptocurrency recovery phrases via on-device OCR. The original campaign accumulated 242,000+ downloads before takedown, and Chainalysis reported $3.4 billion in crypto theft across 158,000 incidents in 2025.

Bottom Line: Smartphone users should immediately audit photo gallery permissions on all apps and delete any stored images of recovery phrases, passwords, or financial credentials — SparkCat proves that app store vetting alone cannot prevent on-device AI-powered data theft.



🧭 Decision Radar (Algeria Lens)

Relevance for Algeria: Medium
Algeria’s 37.8 million internet users and high smartphone penetration (117% mobile connections) create a large attack surface, and growing informal crypto usage across the MENA region means Algerian users are not immune despite restricted official trading.

Infrastructure Ready? Partial
Smartphone penetration is high, but national mobile threat detection capabilities and cybersecurity awareness programs remain limited compared to European benchmarks.

Skills Available? Partial
Algeria has growing cybersecurity talent, but specialized mobile malware analysis and OCR-based threat response require advanced capabilities not yet widely available locally.

Action Timeline: Immediate
The threat is active now, and behavioral mitigations (not photographing recovery phrases, auditing permissions) require zero infrastructure investment.

Key Stakeholders: Mobile users, fintech startups, telecom operators, DZ-CERT, banking regulators

Decision Type: Tactical
This requires immediate user awareness and permission hygiene rather than long-term strategic investment.

Quick Take: Algerian smartphone users should immediately audit photo gallery permissions and delete any stored images of financial credentials or recovery phrases. Telecom operators and DZ-CERT should issue public advisories about OCR-based mobile threats, as high smartphone penetration makes Algeria’s population vulnerable even without formal cryptocurrency markets.

The Trojan That Passed Apple’s Review Twice

In February 2025, Kaspersky documented a crypto-stealing Trojan that had passed Apple’s App Store review — a first. They named it SparkCat. After the infected apps accumulated 242,000+ downloads on Google Play, both stores removed them. In April 2026, the malware returned with significant upgrades, proving the original discovery was not isolated but the opening chapter of a persistent, evolving threat.

The implications extend beyond cryptocurrency. SparkCat demonstrates that official app store vetting — the security measure most users treat as impenetrable — has structural blind spots sophisticated attackers can exploit repeatedly.

How SparkCat Turns Photos Into an Attack Surface

SparkCat embeds itself within legitimate-looking applications — food delivery services, enterprise messengers, and gambling apps — and waits for a trigger to request photo gallery access. Once permission is granted through a contextually plausible prompt, the real operation begins.

The Trojan leverages Google’s ML Kit library to perform on-device optical character recognition (OCR), scanning every accessible image for text patterns matching cryptocurrency wallet recovery phrases — the 12- or 24-word mnemonic seed phrases that serve as the master key to a crypto wallet.

What makes SparkCat particularly dangerous is that the OCR processing happens entirely on the device. No suspicious data is transmitted during scanning. Only when the malware identifies a match does it exfiltrate the image to a command-and-control server, using a custom protocol built in Rust — a language rarely used in mobile malware. The Android variant fetches encrypted configuration updates from GitLab repositories using AES-256 in CBC mode. The iOS version embeds the Rust-based networking module directly into the executable, using framework names like “Gzip” and “googleappsdk” to blend in.

The 2026 Variant: Substantially Upgraded

The April 2026 variant surfaced in at least two iOS apps and one Android app with major technical improvements.

Code virtualization. The Android payload now transforms malware logic into custom bytecode interpreted at runtime, making static analysis significantly harder — decompilers cannot reconstruct the original control flow.

Cross-platform obfuscation. The new variant employs multiple cross-platform languages beyond Rust, adding layers of indirection that frustrate both automated scanners and manual reverse engineering. These techniques suggest a well-resourced development team.

Expanded language targeting. The Android version scans for Japanese, Korean, and Chinese keywords, reflecting its focus on Asian crypto markets. The iOS variant targets English mnemonic phrases, giving it potentially global reach.

Persistent infrastructure. The connection to a related campaign Kaspersky dubbed SparkKitty — sharing build frameworks, infected apps, and attacker file paths — indicates a sustained operation. SparkKitty expanded the attack surface to trojanized versions of popular apps distributed through both official stores and scam websites.


Why App Store Review Failed Again

The malicious SDK masquerades as a legitimate analytics component — a Java class called “Spark” on Android that behaves like a standard module during review. The OCR scanning activates only when specific conditions are met: gallery access has been granted and a configuration has been fetched from a remote server. During review, the app performs its stated function normally.

Both Apple’s App Review and Google’s Play Protect rely on automated scanning and behavioral analysis during a limited testing window. SparkCat’s deferred, conditional activation specifically exploits this gap. As more apps legitimately use ML Kit, Core ML, and similar frameworks, distinguishing malicious on-device inference from benign on-device inference becomes considerably harder.

On-Device AI as a Weapon

SparkCat represents an emerging class of threats that weaponize on-device machine learning. Rather than exfiltrating raw data to cloud servers (which network monitoring can detect), these attacks process data locally using the same ML frameworks that power legitimate features.

The original campaign operated undetected for nearly a year before disclosure. The 2026 variant’s rapid return suggests operators treated the initial takedown as a temporary setback. Chainalysis reported that crypto theft reached $3.4 billion in 2025, with individual wallet compromises surging to 158,000 incidents affecting 80,000 unique victims — and mobile-based attacks are an increasingly significant vector.

What You Should Do Now

Never photograph recovery phrases. Write them on paper, store them offline. If you have screenshots of seed phrases, delete them immediately — then check your wallet for unauthorized activity.

Audit app permissions. On iOS: Settings > Privacy > Photos. On Android: Settings > Apps > Permissions > Photos and Videos. Revoke access for any app without a clear need for it.

Remove suspicious apps. If you have installed apps matching SparkCat’s target categories (food delivery, messaging, gambling from unfamiliar publishers), remove them. Some infected apps were still available at the time of Kaspersky’s April 2026 disclosure.

Enable limited photo access. Both iOS and Android now offer granular photo permissions — share individual images rather than granting full gallery access.
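The permission audit above can be scripted for Android by parsing `adb shell dumpsys package` output. The following is an added example, not code from the article or from Kaspersky; the excerpt it parses is constructed in the shape of that output with hypothetical package names, and it assumes that a granted READ_MEDIA_VISUAL_USER_SELECTED (Android 14+) with READ_MEDIA_IMAGES denied corresponds to the "selected photos only" mode described in the last step.

```python
import re

# Constructed excerpt shaped like `adb shell dumpsys package` output.
# Package names are hypothetical; this is not a capture from a real device.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.gallery] (3f2a1b):
    runtime permissions:
      android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET]
      android.permission.CAMERA: granted=true, flags=[ USER_SET]
  Package [com.example.fooddelivery] (9c8d7e):
    runtime permissions:
      android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET]
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]
  Package [com.example.messenger] (5b4a3c):
    runtime permissions:
      android.permission.READ_MEDIA_IMAGES: granted=false, flags=[ USER_SET]
      android.permission.READ_MEDIA_VISUAL_USER_SELECTED: granted=true, flags=[ USER_SET]
"""

# Permissions that grant photo-library access and the level each implies
# (assumption: USER_SELECTED means "selected photos only" on Android 14+).
PHOTO_PERMS = {
    "android.permission.READ_MEDIA_IMAGES": "full",
    "android.permission.READ_EXTERNAL_STORAGE": "full",  # pre-Android 13
    "android.permission.READ_MEDIA_VISUAL_USER_SELECTED": "partial",
}
RANK = {"none": 0, "partial": 1, "full": 2}
PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")


def photo_access_by_package(dump):
    # Map each package to its effective photo access: none, partial or full.
    access, current = {}, None
    for line in dump.splitlines():
        if m := PKG_RE.match(line):
            current = m.group(1)
            access.setdefault(current, "none")
        elif current and (m := PERM_RE.match(line)) and m.group(2) == "true":
            level = PHOTO_PERMS.get(m.group(1), "none")
            access[current] = max(access[current], level, key=RANK.get)
    return access


def flag_full_access(dump, allowlist=frozenset()):
    # Packages with full gallery access that the reviewer has not allowlisted.
    return sorted(p for p, lvl in photo_access_by_package(dump).items()
                  if lvl == "full" and p not in allowlist)


if __name__ == "__main__":
    for pkg in flag_full_access(SAMPLE_DUMPSYS, frozenset({"com.example.gallery"})):
        print("review full photo access:", pkg)
```

On a real device, pipe `adb shell dumpsys package` into `photo_access_by_package` and allowlist only apps whose core function needs the whole gallery (a photo editor, a cloud backup client).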



Frequently Asked Questions

Can SparkCat steal data other than cryptocurrency recovery phrases?

Yes. While SparkCat’s primary payload targets crypto mnemonic phrases, the underlying OCR engine can be reconfigured via remote C2 updates to scan for any text pattern — passwords, banking credentials, or sensitive documents. The related SparkKitty variant already demonstrates broader image theft capabilities, and the malware’s modular architecture allows operators to expand targeting without modifying the installed app.

Is deleting the infected app enough to remove SparkCat?

Removing the app eliminates the active malware, as SparkCat operates within the app sandbox on both iOS and Android without installing persistent rootkits. However, any images already exfiltrated cannot be recovered. If you suspect compromise, assume any recovery phrases or credentials visible in your photo gallery are compromised — move crypto to a new wallet with a freshly generated seed phrase and change any passwords visible in screenshots.

How can I tell if an app on my phone is infected with SparkCat?

SparkCat is designed to be invisible to end users — infected apps function normally while OCR scanning runs silently. Kaspersky’s consumer products detect it as HEUR:Trojan.IphoneOS.SparkCat and HEUR:Trojan.AndroidOS.SparkCat. Beyond antivirus scanning, the strongest indicator is an app requesting full photo gallery access without clear functional need, especially during unusual interactions like a support chat.
