SparkCat malware returns to target Android and iOS users, hiding in innocent apps to try and steal your details

The malware primarily targets crypto users

News By Sead Fadilpašić published 6 April 2026

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Threads
• Email

Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Become a Member in Seconds

Unlock instant access to exclusive member features.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

Join the club

Get full access to premium articles, exclusive features and a growing list of member rewards.

Explore

An account already exists for this email address, please log in. Subscribe to our newsletter

• SparkCat infostealer hidden in iOS App Store and Play Store apps
• Targets cryptocurrency seed phrases via OCR and keywords
• New obfuscation techniques make detection more difficult

SparkCat, a mobile-first infostealer that targets people’s cryptocurrencies, is back with new upgrades that make it more difficult to spot.

Cybersecurity researchers Kaspersky claim to have found multiple apps both in the Apple App Store and the Google Play Store delivering the malware.

Apple and Google app repositories are generally safe, and knowing the size and the popularity of the platforms, both companies go the extra mile to make sure the apps offered there are clean. However, every once in a while, threat actors manage to work around the perimeter to smuggle malicious apps inside.

Article continues below

Hunting for mnemonics

In this case, Kaspersky said it discovered enterprise messengers and food delivery services apps hiding SparkCat.

This infostealer was first spotted in 2025, hunting for people’s mnemonic seeds, or “seed phrases” - a set of 12 or 24 seemingly random words which can be used to load a person’s cryptocurrency wallet on another device as a backup solution in case the device is lost or broken.

SparkCat recently made headlines for the way it used OCR (Optical Character Recognition) to extract seed phrases from photos and screenshots. It targeted primarily Asian users and, while the new version still does the same, it has taken a step further to potentially target Western users, as well.

The Android version still hunts for Japanese, Korean, and Chinese keywords. The iOS version, however, hunts for English mnemonics.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors