O'Grady's PowerPage

Tag: phrases

  • OCR-based crypto wallet theft programs surface in Apple, Android app stores

    OCR-based crypto wallet theft programs surface in Apple, Android app stores

    It’s a bit of a technical story about apps that wound up on both the Apple and Google app stores, but it’s interesting.

    In March 2023, a group of security researchers at ESET discovered malware implants embedded into various messaging app mods. Some of these scanned users’ image galleries in search of crypto wallet access recovery phrases.

    The search used an OCR (Optical Character Recognition) model which selected images on the victim’s device to send to the C2 server. The campaign targeted Android and Windows users, with the malware spreading through unofficial sources. In late 2024, a new software campaign, dubbed “SparkCat,” used similar tactics while attacking Android and iOS users through both official and unofficial app stores.

    The researchers offered the following conclusions:

    • We found Android and iOS apps, some available in Google Play and the App Store, which were embedded with a malicious SDK/framework for stealing recovery phrases for crypto wallets. The infected apps in Google Play had been downloaded more than 242,000 times. This was the first time a stealer had been found in Apple’s App Store.
    • The Android malware module would decrypt and launch an OCR plug-in built with Google’s ML Kit library, and use that to recognize text it found in images inside the gallery. Images that matched keywords received from the C2 were sent to the server. The iOS-specific malicious module had a similar design and also relied on Google’s ML Kit library for OCR.
    • The malware, which we dubbed “SparkCat”, used an unidentified protocol implemented in Rust, a language untypical of mobile apps, to communicate with the C2.
    • Judging by timestamps in malware files and creation dates of configuration files in GitLab repositories, SparkCat has been active since March 2024.

    The article, which is linked below, details the technical elements of the malware and how the code was studied to determine what was going on and what resources and methods were being used. It’s an interesting read, and perfect if you’re interested in computer science and security.

    As always, be careful out there and we’ll have additional details as they become available.

    Via securelist

  • Philips Hue app updated to version 3.6.0, now supports Siri Shortcuts

    This could definitely come in handy.

    The Philips Hue app has been updated to version 3.6.0, the new version adding Siri Shortcuts for Hue in which Siri Siri learns when you are using your favorite scenes and suggests them for quick activation right on your lock screen, Siri search or Siri watch-face.

    Users can also record personal phrases to activate their favorite scenes and include them as actions in the Apple Shortcuts app.

    (more…)

  • WWDC: Apple announces iOS 12, focuses on Siri improvements, augmented reality, performance boosts, etc

    Apple dropped just about every announcement and update possible at its WWDC keynote today, among the most important being iOS 12, which will feature improvements to Siri, performance, communication, enhanced augmented reality tools, and addiction controls.

    The Siri fixes will hone in on responsiveness to users, including the ability to trigger Siri with key phrases called Shortcuts.

    Siri Shortcuts allow users to set up their own Siri triggers tied to Siri actions. This is better than straight training-the-user in that it’s users doing the doing, rather than developers doing the doing and customers having to train themselves.

    (more…)