SparkKitty malware steals crypto seed phrase screenshots
Cybersecurity firm Kaspersky has identified SparkKitty, a malware targeting iOS and Android devices by stealing photos to capture cryptocurrency wallet seed phrases.
According to Kaspersky analysts Sergey Puzan and Dmitry Kalinin, SparkKitty infiltrates apps on the Apple App Store and Google Play, indiscriminately extracting all images from infected devices’ galleries.
The malware’s primary goal appears to be locating screenshots containing crypto wallet recovery phrases, though other sensitive images may also be compromised.
Two malicious apps distributing SparkKitty were found: 币coin, a crypto information tracker on the App Store, and SOEX, a messaging app with crypto exchange features on Google Play.
SOEX was installed over 10,000 times before Google removed it and banned its developer.
A Google spokesperson confirmed that Android users are protected by Google Play Protect against this app regardless of download source.
Kaspersky also discovered SparkKitty delivered via casino apps, adult-themed games, and fake TikTok clones.
SparkKitty is closely related to SparkCat, a malware identified in January that similarly scans photos for crypto wallet recovery phrases.
Both share features and file paths, suggesting a common origin.
“While not technically or conceptually complex, this campaign has been ongoing since at least the beginning of 2024 and poses a significant threat to users,” Puzan and Kalinin noted.
Unlike SparkCat, SparkKitty steals all photos rather than selectively targeting images.
The campaign mainly targets users in Southeast Asia and China, based on infected apps including Chinese gambling games and adult content.
“Judging by the distribution sources, this spyware primarily targets users in Southeast Asia and China,” the analysts said.
However, they added the malware has no technical restrictions preventing attacks on users in other regions.
Users are advised to exercise caution when downloading apps and to rely on security features like Google Play Protect to reduce infection risk.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Elon Musk Halts Project Under Political Pressure
Bitcoin Plunge Raises New Whale Manipulation Concerns
Phala Network (PHA) To Rally Higher? Key Fractal Pattern Signals Potential Upside Move
Crypto treasury stocks plunging in August after massive run-up
Share link:In this post: Crypto treasury stocks fell sharply in August after major summer gains. Ethzilla led the sector with a 114% rise, while others like Strategy dropped 16%. Companies backed by Tom Lee and Peter Thiel held up better than others.
Trending news
MoreCrypto prices
More
