OCR Crypto Stealers in Google Play and App Store
securelist.com> We found Android and iOS apps, some available in Google Play and the App Store, which were embedded with a malicious SDK/framework for stealing recovery phrases for crypto wallets.
Wasn't the walled garden model supposed to protect from this ?
Only if the guards you hire know what they are doing.
If you have ever been through the app review process, you know that it is opaque, flawed, and clearly being run by inexperienced or overworked people who just don't have time to do anything remotely resembling a security audit.
All of the fees, none of the work.
It's called scalable business model
It's written in Rust:
> The malware, which we dubbed “SparkCat”, used an unidentified protocol implemented in Rust, a language untypical of mobile apps, to communicate with the C2.
So all the Hacker News folks will probably think it's great.