OCR Crypto Stealers in Google Play and App Store

OCR Crypto Stealers in Google Play and App Store(securelist.com)

35 points by shifty1 1 year ago | 5 comments

mrighele 1 year ago |

> We found Android and iOS apps, some available in Google Play and the App Store, which were embedded with a malicious SDK/framework for stealing recovery phrases for crypto wallets.

Wasn't the walled garden model supposed to protect from this ?

dghlsakjg 1 year ago | |

Only if the guards you hire know what they are doing.

If you have ever been through the app review process, you know that it is opaque, flawed, and clearly being run by inexperienced or overworked people who just don't have time to do anything remotely resembling a security audit.

Terr_ 1 year ago | |

All of the fees, none of the work.

miohtama 1 year ago | | |

It's called scalable business model

fortran77 1 year ago |

It's written in Rust:

> The malware, which we dubbed “SparkCat”, used an unidentified protocol implemented in Rust, a language untypical of mobile apps, to communicate with the C2.

So all the Hacker News folks will probably think it's great.