Users of the popular Thai delivery app Wukong, beware of grey market activities and keep your wallets safe.
iPhone users, take note! Recently, the international cybersecurity firm Kaspersky has issued a warning that several apps on the App Store and Google Play have been infiltrated by malware. These apps scan users' photo albums to steal data, and downloading them could lead to the leakage of personal privacy and even banking passwords!
43 malicious apps infiltrate the App Store, scanning users' photo albums to steal data
Researchers at Kaspersky have recently discovered that some apps on the App Store and Google Play carry embedded malware called "SparkCat". In the App Store alone, as many as 43 apps have been infected.
This malware requests access to the device's photos and screenshots, and once permission is granted, "SparkCat" activates built-in Optical Character Recognition (OCR) to scan and analyze all the content in the photo album. It then uses keywords obtained from a remote server to filter information and steal various chat logs, bank account passwords, credit card details, and other important information.
The researchers suggest that "SparkCat" may have invaded the App Store platform through an infected software development kit (SDK), allowing some developers to embed malicious code into their apps unknowingly. There are even criminals who deliberately develop new apps and use free AI services to attract victims to download them.
List of affected apps on App Store/Google Play
The researchers also revealed that "SparkCat" mainly targets users in Asia and Europe, and they published a list of infected apps on the App Store and Google Play, as follows:
List of affected apps on the App Store
· im.pop.app.iOS.Messenger (IM+)
· com.hkatv.ios (ATV Asian Television)
· com.atvnewsonline.app (ATV News Online)
· io.zorixchange (Zorix Exchange)
· com.yykc.vpnjsq (VPN Accelerator)
· com.llyy.au (App usage in Australia, specifics unknown)
· com.star.har91vnlive (Star HAR91VN Live)
· com.jhgj.jinhulalaab (Jinhu Lalaab)
· com.qingwa.qingwa888lalaaa (Frog Qingwa)
· com.blockchain.uttool (UT Tool or OGIUT)
· com.wukongwaimai.client (Wukong Delivery)
· com.unicornsoft.unicornhttpsforios (Unicorn HTTPS)
· staffs.mil.CoinPark (Military-related institution's undisclosed app)
· com.lc.btdj (Some BTDJ tool abbreviation)
· com.baijia.waimai (BAIJIA Baijia Delivery)
· com.ctc.jirepaidui (Possibly "Quick Queue")
· com.ai.gbet (AI-related app)
· app.nicegram (Nicegram)
· com.blockchain.ogiut (Blockchain-related)
· com.blockchain.98ut (Blockchain-related)
· com.drenm.towncn (Dream Town)
· com.mjb.Hardwood.Test (MJB's Hardwood test app)
· com.galaxy666888.ios (Game or tool)
· njiujiu.vpntest (Jiujiu VPN)
· com.qqt.jykj (JYKJ possibly related to educational technology)
· com.ai.sport (AI Sport)
· com.feidu.pay (Feidu Payment)
· app.ikun277.test (ikun277 test tool)
· com.usdtone.usdtoneApp2 (USDT One)
· com.cgapp2.wallet0 (CG Wallet)
· com.bbydqb (BBYDQB)
· com.yz.Byteswap.native (Byteswap)
· jiujiu.vpntest (Same as njiujiu.vpntest)
· com.wetink.chat (WeTink Chat)
· com.websea.exchange (WebSea Exchange)
· com.customize.authenticator (Custom Authenticator)
· im.token.app (Token.im Cryptocurrency Wallet)
· com.mjb.WorldMiner.new (World Miner)
· com.kh-super.ios.superapp (KH Super App)
· com.thedgptai.event (DGPT Tool)
· com.yz.Eternal.new (Eternal App)
· xyz.starohm.chat (Starohm Chat)
· com.crownplay.luckyaddress1 (Crown Play Lucky Address)
List of affected apps on Google Play
· com.crownplay.vanity.address
· com.atvnewsonline.app
· com.bintiger.mall.android
· com.websea.exchange
· org.safew.messenger
· org.safew.messenger.store
· com.tonghui.paybank
· com.bs.feifubao
· com.sapp.chatai
· com.sapp.starcoin
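Because SparkCat only works once photo access has been granted, a useful check on Android is whether any listed package is installed and currently holds that permission. The script below is an added example, not part of the original article or Kaspersky's tooling; it covers only the Google Play list, the sample device output is constructed, and it assumes the usual text format of `adb shell pm list packages` and `adb shell dumpsys package <name>`.

```python
import re

# Google Play package names copied from the list on this page.
AFFECTED = {
    "com.crownplay.vanity.address", "com.atvnewsonline.app",
    "com.bintiger.mall.android", "com.websea.exchange",
    "org.safew.messenger", "org.safew.messenger.store",
    "com.tonghui.paybank", "com.bs.feifubao",
    "com.sapp.chatai", "com.sapp.starcoin",
}
# Android permissions that expose photos and screenshots to an app.
PHOTO_PERMS = {"android.permission.READ_EXTERNAL_STORAGE",
               "android.permission.READ_MEDIA_IMAGES"}
PERM_LINE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)", re.M)

def installed_packages(pm_output):
    """Parse `adb shell pm list packages` output into a set of names."""
    return {line.strip()[len("package:"):] for line in pm_output.splitlines()
            if line.strip().startswith("package:")}

def granted_photo_perms(dumpsys_output):
    """Return photo permissions marked granted=true in `dumpsys package <pkg>`."""
    return {perm for perm, state in PERM_LINE.findall(dumpsys_output)
            if state == "true" and perm in PHOTO_PERMS}

def audit(pm_output, dumpsys_by_pkg):
    """List affected packages on the device, with any photo access they hold."""
    hits = sorted(installed_packages(pm_output) & AFFECTED)
    return [(pkg, sorted(granted_photo_perms(dumpsys_by_pkg.get(pkg, ""))))
            for pkg in hits]

# Constructed sample data (not captured from a real device).
SAMPLE_PM = """package:com.android.chrome
package:com.websea.exchange
package:com.bs.feifubao
"""
SAMPLE_DUMPSYS = {
    "com.websea.exchange": """    runtime permissions:
      android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET]
      android.permission.CAMERA: granted=false, flags=[ USER_SET]
""",
    "com.bs.feifubao": """    runtime permissions:
      android.permission.READ_EXTERNAL_STORAGE: granted=false, flags=[ USER_SET]
""",
}

if __name__ == "__main__":
    for pkg, perms in audit(SAMPLE_PM, SAMPLE_DUMPSYS):
        print(pkg, "-> photo access:", ", ".join(perms) or "none granted")
```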
PS: Many people have said that it's impossible for cold wallet exchanges downloaded from the Apple App Store to be fake, but the tactic of stealing data is indeed hard to guard against. Whether it's VPNs, delivery apps, payment apps, blockchain, game apps, or wallet apps, your U is clearly lost.