SparkKitty malware steals crypto seed phrase screenshots

Grafa 2025/06/24 20:30
By: Heidi Cuthbert

Cybersecurity firm Kaspersky has identified SparkKitty, a malware targeting iOS and Android devices by stealing photos to capture cryptocurrency wallet seed phrases.

According to Kaspersky analysts Sergey Puzan and Dmitry Kalinin, SparkKitty infiltrates apps on the Apple App Store and Google Play, indiscriminately extracting all images from infected devices’ galleries.

The malware’s primary goal appears to be locating screenshots containing crypto wallet recovery phrases, though other sensitive images may also be compromised.

Two malicious apps distributing SparkKitty were found: 币coin, a crypto information tracker on the App Store, and SOEX, a messaging app with crypto exchange features on Google Play.

SOEX was installed over 10,000 times before Google removed it and banned its developer.

A Google spokesperson confirmed that Android users are protected by Google Play Protect against this app regardless of download source.

Kaspersky also discovered SparkKitty delivered via casino apps, adult-themed games, and fake TikTok clones.

SparkKitty is closely related to SparkCat, a malware identified in January that similarly scans photos for crypto wallet recovery phrases.

Both share features and file paths, suggesting a common origin.

“While not technically or conceptually complex, this campaign has been ongoing since at least the beginning of 2024 and poses a significant threat to users,” Puzan and Kalinin noted.

Unlike SparkCat, SparkKitty steals all photos rather than selectively targeting images.

The campaign mainly targets users in Southeast Asia and China, based on infected apps including Chinese gambling games and adult content.

“Judging by the distribution sources, this spyware primarily targets users in Southeast Asia and China,” the analysts said.

However, they added that the malware has no technical restrictions preventing attacks on users in other regions.

Users are advised to exercise caution when downloading apps and to rely on security features like Google Play Protect to reduce infection risk.

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
