> We found Android and iOS apps, some available in Google Play and the App Store, which were embedded with a malicious SDK/framework for stealing recovery phrases for crypto wallets.<p>Wasn't the walled garden model supposed to protect from this ?
It's written in Rust:<p>> The malware, which we dubbed “SparkCat”, used an unidentified protocol implemented in Rust, a language untypical of mobile apps, to communicate with the C2.<p>So all the Hacker News folks will probably think it's great.