SparkCat: Multi-Platform Malware Spreading Through App Stores

Image by James Yarema, from Unsplash

  • Written by Kiara Fabbri, Former Tech News Writer
  • Fact-Checked by Justyn Newman, Former Lead Cybersecurity Editor

Cybersecurity researchers from Kaspersky have uncovered a new malware campaign dubbed “SparkCat,” targeting both Android and iOS users through official app stores, including Google Play and the Apple App Store.

In a Rush? Here are the Quick Facts!

  • SparkCat malware campaign targets government and telecom entities worldwide.
  • Attackers use modified open-source tools for initial access and persistence.
  • SparkRat, a multi-platform RAT, enables remote control of infected systems.

Kaspersky says that this marks the first instance of a stealer being found within Apple’s ecosystem, raising concerns over security vulnerabilities in mobile applications.

The malware, embedded within a malicious software development kit (SDK), was discovered in Android and iOS applications that had amassed over 242,000 downloads.

SparkCat primarily functions as an optical character recognition (OCR) stealer, scanning images in users’ device galleries to extract crypto wallet recovery phrases. This technique allows attackers to bypass traditional security measures and gain unauthorized access to victims’ digital assets.

ESET’s investigation traced SparkCat’s activity back to March 2024. The malware operates by utilizing an OCR plug-in built with Google’s ML Kit library to identify and extract sensitive text from images.

The stolen data is then sent to a command-and-control (C2) server using a communication protocol implemented in Rust—a programming language rarely used in mobile applications, further obfuscating its operations.

One of the infected apps, a food delivery service named “ComeCome,” was found on Google Play with over 10,000 downloads. In version 2.0.0, the app secretly included harmful software called “Spark.”

Once installed, Spark connected to a GitLab repository to download hidden instructions, which it decoded and decrypted. If that failed, it used backup settings already built into the malware.

To steal data, the malware used strong encryption before sending it to a hacker-controlled server. It layered encryption methods, including AES-256, RSA keys, and compression, making it hard for security experts to track or crack the stolen information.

Infected apps prompted users to grant access to their photo galleries under the pretense of customer support interactions. If permission was granted, the malware actively searched for crypto-related keywords in multiple languages, including English, Chinese, and French, to identify valuable recovery phrases.

Security experts warn users to exercise caution when downloading apps, even from official sources, and to regularly audit app permissions to mitigate potential threats.
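The permission audit recommended above can be scripted for Android devices. The following is an added example, not code from Kaspersky or the original article: it parses a constructed excerpt shaped like `adb shell dumpsys package` output and lists apps that currently hold photo-gallery read access but are not on a user-supplied list of apps expected to need it. The package names and the sample text are hypothetical.

```python
import re

# Android permissions that allow an app to read images from the gallery.
GALLERY_PERMISSIONS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_IMAGES",
}

# Constructed sample in the shape of `adb shell dumpsys package` output.
# Package names are hypothetical and do not refer to real apps.
SAMPLE_DUMPSYS = """\
Package [com.example.fooddelivery] (1a2b3c):
  versionName=2.0.0
    runtime permissions:
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]
      android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
Package [com.example.gallery] (4d5e6f):
  versionName=5.1
    runtime permissions:
      android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
Package [com.example.notes] (7a8b9c):
  versionName=1.3
    runtime permissions:
      android.permission.READ_EXTERNAL_STORAGE: granted=false, flags=[ USER_FIXED ]
"""

PACKAGE_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)")

def granted_gallery_access(dumpsys_text):
    """Map package name -> sorted list of gallery permissions currently granted."""
    result, current = {}, None
    for line in dumpsys_text.splitlines():
        header = PACKAGE_RE.match(line)
        if header:
            current = header.group(1)  # permission lines below belong to this package
            continue
        perm = PERM_RE.match(line)
        if perm and current and perm.group(2) == "true" and perm.group(1) in GALLERY_PERMISSIONS:
            result.setdefault(current, set()).add(perm.group(1))
    return {pkg: sorted(perms) for pkg, perms in result.items()}

def review_list(dumpsys_text, expected_apps):
    """Packages holding gallery access that are not on the expected list."""
    return sorted(p for p in granted_gallery_access(dumpsys_text) if p not in expected_apps)

if __name__ == "__main__":
    for pkg in review_list(SAMPLE_DUMPSYS, expected_apps={"com.example.gallery"}):
        print("review photo access:", pkg)
```

Apps on the resulting list are candidates for revoking photo access in the device settings, particularly those, like a food delivery app, with no obvious need to read the gallery.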

The discovery of SparkCat underscores the persistent risks posed by sophisticated malware campaigns within trusted digital marketplaces.

Google Expands Public Access To Gemini 2.0 AI Models

Image by Hanna Wei, from Unsplash

  • Written by Kiara Fabbri, Former Tech News Writer
  • Fact-Checked by Justyn Newman, Former Lead Cybersecurity Editor

Google has announced the public release of its Gemini 2.0 Flash model via the Gemini API in Google AI Studio and Vertex AI, allowing developers to integrate the model into production applications.

In a Rush? Here are the Quick Facts!

  • Google released Gemini 2.0 Flash for public use via API in AI Studio, Vertex AI.
  • Gemini 2.0 Pro Experimental is now available for coding and complex prompts.
  • Google launched Gemini 2.0 Flash-Lite, a cost-efficient AI model, in public preview.

Alongside this, an experimental version of Gemini 2.0 Pro, designed for coding and complex prompts, is now publicly accessible in Google AI Studio, Vertex AI, and for Gemini Advanced users in the Gemini app.

The model features a 2 million token context window, enhanced reasoning capabilities, and tool-calling functionalities like Google Search and code execution.

Additionally, Google has introduced Gemini 2.0 Flash-Lite, a cost-efficient model optimized for speed and affordability. Flash-Lite retains the 1 million token context window of 2.0 Flash while offering improved quality over its predecessor, 1.5 Flash. It is now available for public preview in Google AI Studio and Vertex AI.

Gemini 2.0 Flash Thinking Experimental will also be accessible via the Gemini app on desktop and mobile, with multimodal input supported at launch and expanded features expected in the coming months.

The release of Gemini 2.0 models comes as DeepSeek, a Chinese AI model, is also making its public debut. The timing could signal Google’s response to increasing competition in the AI space, particularly as companies race to make their models widely available.