here is the content you requested:
Security researchers have discovered several apps on the App Store and Google Play infected with the SparkCat crypto stealer malware. The apps contained a malicious SDK using optical character recognition (OCR) to steal “crypto wallet recovery phrases” from users’ screenshots. Notably, this is the first time such cryptocurrency-stealing malware has been detected on Apple’s App Store.
Source: Gadgets360
We identified 10 malicious apps in Google Play, and 11 in the App Store. At the time of publication, all malicious apps had been removed from the stores. The total number of downloads from Google Play alone exceeded 242,000 at the time of analysis, and our telemetry data suggests that the same malware was available from other sites and …
Source: Kaspersky
The infected apps were downloaded more than 242,000 times from Google play. This is the first known case of a stealer being found in the App Store. Spark SDK stealing your crypto
Source: BleepingComputer
sparkcat stealer: A Threat to Mobile Security
In a recent discovery by cybersecurity experts, a malicious software known as SparkCat Stealer has been identified in both the Apple App Store and Google Play Store. This stealer targets a wide range of applications, posing a notable threat to user data and privacy. According to Kaspersky, the affected apps span various categories, including cryptocurrency wallets, messaging platforms, and educational tools.
Affected Apps on Apple App Store
The list of affected apps on the Apple App Store includes:
- com.jjgj.jinhinalaabürate lilaabünabünab: A tool with an unclear purpose.
- com.qingwa.qingwa888lalaaa (Frog Qingwa): Possibly a gaming or entertainment app.
- com.blockchain.uttool(UT Tool 或 OGIUT): A blockchain-related tool.
- com.wukongwaimai.client (Wukong takeaway): Likely a food delivery service.
- com.unicornsoft.unicornhttpsforios(Unicorn HTTPS): An HTTPS tool for iOS.
- staffs.mil.CoinPark: Not publicly listed by military-related institutions.
- com.lc.btdj (abbreviation of a certain BTDJ tool): A specific tool with unclear functionality.
- com.baijia.waimai (BAIJIA 100 Takeaways): Another food delivery service.
- com.ctc.jirepaidui (maybe it’s urgent to queue): Possibly an urgent queueing tool.
- com.ai.gbet (AI application): An AI-based application.
- app.nicegram(Nicegram): Likely a messaging app.
- com.blockchain.ogiut (blockchain related): Another blockchain tool.
- com.blockchain.98ut (blockchain related): Yet another blockchain-related tool.
- com.dream.towncn (Dream Town): Possibly a game or educational tool.
- com.mjb.Hardwood.Test (MJB’s Hardwood Test Application): A test application.
- com.galaxy666888.ios (game or tool): Could be a game or utility.
- njiujiu.vpntest (99 VPN): A VPN service.
- com.qqt.jykj (JYKJ might potentially be educational technology): Likely an educational tool.
- com.ai.sport (ai sport): An AI-based sports application.
- com.feidu.pay (Fit Payment): A payment tool.
- app.ikun277.test (ikun277 test tool): A test tool.
- com.usdtone.usdtoneApp2(USDT One): A cryptocurrency wallet.
- com.cgapp2.wallet0 (CG wallet): Another cryptocurrency wallet.
- com.bbydqb(BBYDQB): Unclear functionality.
- com.yz.Byteswap.native(Byteswap): A native byteswap tool.
- jiujiu.vpntest (same as njiujiu.vpntest): Another VPN service.
- com.wetink.chat(WeTink Chat): A messaging app.
- com.websea.exchange (WebSea Exchange): A cryptocurrency exchange.
- com.customize.authenticator (customized validator): An authenticator tool.
- im.token.app (token.im cryptocurrency wallet): A cryptocurrency wallet.
- com.mjb.worldminer.new (World Miner World Miner): A mining tool.
- com.kh-super.ios.superapp (KH super application): A super app.
- com.thedgptai.event (DGPT tool): A DGPT tool.
- com.yz.Eternal.new (Eternal Eternal application): An eternal application.
- xyz.starohm.chat(Starohm Chat): A messaging app.
- com.crownplay.luckyaddress1 (Crown Play lucky address): A lucky address tool.
Affected Apps on Google Play
The list of affected apps on Google Play includes:
- com.crownplay.vanity.address: A vanity address tool.
- com.atvnewsonline.app: Likely a news app.
- com.bintiger.mall.android: An e-commerce app.
- com.websea.exchange: A cryptocurrency exchange.
- org.safew.messenger: A messaging app.
- org.safew.messenger.store: The store for the Safew Messenger.
- com.tonghui.paybank: A payment bank app.
- com.bs.feifubao: An unclear functionality app.
- com.sapp.chatai: Likely a chatbot app.
- com.sapp.starcoin: Possibly a cryptocurrency app.
The Impact of SparkCat Stealer
The SparkCat Stealer poses a significant risk to users, as it can compromise sensitive data, including cryptocurrency wallets, messaging platforms, and other personal information. Users are advised to be cautious when downloading apps from both the Apple App store and Google Play Store. It is essential to check the app’s reviews, developer information, and permissions before installing any application.
Conclusion
The discovery of the SparkCat Stealer highlights the importance of cybersecurity in the mobile app ecosystem. Users must remain vigilant and take necessary precautions to protect their data. For more information on cybersecurity best practices, visit Kaspersky’s report.
Key points Summary
| App Name | Category | potential risk |
|———————————–|————————-|——————————-|
| com.jjgj.jinhinalaabürate lilaabünabünab | Tool | Unclear functionality |
| com.qingwa.qingwa888lalaaa (Frog Qingwa) | Game/Entertainment | Unclear functionality |
| com.blockchain.uttool(UT Tool 或 OGIUT) | Blockchain | Data theft |
| com.wukongwaimai.client (Wukong takeaway) | Food Delivery | Data theft |
| com.unicornsoft.unicornhttpsforios(Unicorn HTTPS) | HTTPS Tool | Data theft |
| staffs.mil.CoinPark | Military-related | Data theft |
| com.lc.btdj (abbreviation of a certain BTDJ tool) | tool | Data theft |
| com.baijia.waimai (BAIJIA 100 Takeaways) | Food Delivery | Data theft |
| com.ctc.jirepaidui (maybe it’s urgent to queue) | Queueing | Data theft |
| com.ai.gbet (AI application) | AI | Data theft |
| app.nicegram(Nicegram) | Messaging | Data theft |
| com.blockchain.ogiut (blockchain related) | Blockchain | Data theft |
| com.blockchain.98ut (blockchain related) | Blockchain | Data theft |
| com.dream.towncn (Dream Town) | Game/Educational | Data theft |
| com.mjb.Hardwood.Test (MJB’s Hardwood Test Application) | Test Tool | Data theft |
| com.galaxy666888.ios (game or tool) | Game/Tool | data theft |
| njiujiu.vpntest (99 VPN) | VPN | Data theft |
| com.qqt.jykj (JYKJ may be educational technology) | Educational | Data
The Art of Journalism: Dos and Don’ts for Aspiring Writers
In the dynamic world of journalism,crafting a compelling news piece requires more than just a knack for storytelling. It demands adherence to best practices, a keen eye for detail, and a deep understanding of what makes a story engaging. Let’s delve into the essential dos and don’ts of writing a piece of journalism, drawing insights from expert guides and practical tips from seasoned journalists.
Dos of Writing a Piece of Journalism
- Focus on the Lead: The lead, or introduction, is the most critical part of your article. It should be a single sentence that summarizes the main points of the story. As noted by ThoughtCo, “The lede should summarize the story from start to finish” [[3]]. This sets the tone and captures the reader’s attention immediately.
- Provide Value Above the Fold: In the digital age,readers often don’t scroll down. Ensure that the most crucial information is visible without scrolling. As wikiHow advises, “When writing a news article, you should focus on giving your readers what they wont as soon as possible. Write above the fold” [[2]].
- Master the basics: effective journalism requires a solid grasp of fundamental skills.The Writer’s Digest Guide to Journalism emphasizes the importance of actionable advice, tips, and techniques that come straight from the field [[1]].
- Be Thorough in Research: Accuracy and thoroughness are paramount. Ensure your facts are verified and your sources are reliable. This builds credibility and trust with your audience.
- Engage with Your Audience: Use a conversational yet complex tone. This makes your writing more approachable and engaging. Varied sentence lengths also contribute to a dynamic reading experience.
Don’ts of Writing a Piece of Journalism
- Avoid Overly Complex language: simplicity is key. Avoid jargon and complex terms that may confuse your readers.Stick to clear, concise language.
- Don’t Neglect the Facts: Accuracy is non-negotiable. Double-check your facts and ensure your story is well-researched. Inaccuracies can damage your credibility.
- Steer Clear of Opinion: Journalism should be objective. Avoid injecting personal opinions into your articles. Stick to the facts and let the story speak for itself.
- Don’t Overlook Ethics: Journalistic integrity is crucial. Always adhere to ethical guidelines and maintain clarity with your audience.
- Avoid Plagiarism: Originality is paramount. Ensure your work is plagiarism-free. cite your sources properly and give credit where it’s due.
Key Takeaways
Here’s a summary of the dos and don’ts to keep in mind while writing a piece of journalism:
| dos | Don’ts |
|——————————————————————–|———————————————————————–|
| focus on the lead | Avoid overly complex language |
| Provide value above the fold | Neglect the facts |
| Master the basics | Inject personal opinions |
| Be thorough in research | Overlook ethics |
| engage with your audience | Avoid originality |
Journalism is a craft that requires continuous learning and betterment. By adhering to these best practices, aspiring journalists can produce engaging, well-researched, and credible news pieces that resonate with their audience.
For more insights into the art of journalism, consider exploring the extensive guides and tips available from reputable sources like Writers Digest, wikiHow, and ThoughtCo.
