Malicious App SOEX Removed From Google Play After 10K Downloads
A malicious mobile app, SOEX, has been removed from the Google Play Store after racking up over 10,000 downloads. The app, which combined messaging with cryptocurrency exchange features, was found to be a variant of SparkKitty, a new malware strain affecting both Android and iOS devices.
SparkKitty, an evolution of SparkCat identified earlier this year, has been active since February 2024. It has been distributed through official and unofficial channels, including the Google Play Store and the Apple App Store. The malware's implementation differs between iOS and Android, and it uses deceptive frameworks and modules to evade detection.
SparkKitty's primary goal is to steal crypto wallet seed phrases. It also exfiltrates all images found in an infected device's photo gallery. Because the malware steals these images indiscriminately, it can expose other sensitive information as well. It has been linked to malicious apps like '币coin' on the Apple App Store and the now-removed 'SOEX' on the Google Play Store. Previously, SparkCat targeted cryptocurrency wallet recovery phrases using OCR technology.
The discovery of SparkKitty highlights the ongoing threat of mobile malware targeting cryptocurrency users. Users are advised to be cautious when downloading apps, even from official app stores. Regular security updates and careful management of app permissions can help mitigate these risks.