SparkKitty mobile malware targets Android and iPhone
Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER.
Researchers at cybersecurity firm Kaspersky recently identified SparkKitty. This malware appears to succeed SparkCat, a campaign first reported earlier this year that used optical character recognition (OCR) to extract sensitive data from images, including crypto recovery phrases.
SparkKitty goes even further than SparkCat. According to Kaspersky, SparkKitty uploads images from infected phones without discrimination. This tactic exposes not just wallet data but also any personal or sensitive photos stored on the device. While the main target seems to be crypto seed phrases, criminals could use other images for extortion or malicious purposes.
Kaspersky researchers report that SparkKitty has operated since at least February 2024. Attackers distributed it through both official and unofficial channels, including Google Play and the Apple App Store.
Kaspersky found SparkKitty embedded in several apps, including one called 币coin on iOS and another called SOEX on Android. Both apps are no longer available in their respective stores. SOEX, a messaging app with cryptocurrency-related features, reached more than 10,000 downloads from the Google Play Store before its removal.
On iOS, attackers deliver the malware through fake software frameworks or enterprise provisioning profiles, often disguised as legitimate components. Once installed, SparkKitty uses a method native to Apple's Objective-C programming language to run as soon as the app launches. It checks the app's internal configuration files to decide whether to execute, then quietly starts monitoring the user's photo library.
On Android, SparkKitty hides in apps written in Java or Kotlin and sometimes uses malicious Xposed or LSPosed modules. It activates when the app launches or after a specific screen opens. The malware then decrypts a configuration file from a remote server and begins uploading images, device metadata, and identifiers.
Unlike traditional spyware, SparkKitty focuses on photos, especially those containing cryptocurrency recovery phrases, wallet screenshots, IDs, or sensitive documents. Instead of just monitoring activity, SparkKitty uploads images in bulk. This approach makes it easy for criminals to sift through and extract valuable personal data.
1) Stick to trusted developers: Avoid downloading obscure apps, especially if they have few reviews or downloads. Always check the developer's name and history before installing anything.
2) Review app permissions: Be cautious of apps that request access to your photos, messages, or files without a clear reason. If something feels off, deny the permission or uninstall the app.
3) Keep your device updated: Install system and security updates as soon as they are available. These updates often patch vulnerabilities that malware can exploit.
4) Use mobile security software: The best way to safeguard yourself from malicious software is to have strong antivirus software installed on all your devices. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices by visiting CyberGuy.com/LockUpYourTech.
Both Apple and Google removed the identified apps after being alerted, but questions remain about how SparkKitty bypassed their app review processes in the first place. As app stores grow, both in volume and complexity, the tools used to screen them will need to evolve at the same pace. Otherwise, incidents like this one will continue to slip through the cracks.
Do you think Google and Apple are doing enough to protect users from mobile malware and evolving security threats? Let us know by writing to us at Cyberguy.com/Contact.
Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM/NEWSLETTER.
Copyright 2025 CyberGuy.com. All rights reserved.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Verge
43 minutes ago
- The Verge
Trump says he'll look into deporting Musk as fight over bill escalates
President Donald Trump and Elon Musk's fighting over the 'big, beautiful' domestic policy bill has returned to the spotlight, with the president telling reporters on Tuesday that 'we'll have to take a look' into deporting the billionaire. He also proposed targeting Musk via the Department of Government Efficiency (DOGE), saying, 'We might have to put DOGE on Elon. You know what DOGE is? DOGE is the monster that might have to go back and eat Elon.' Musk has been a longtime critic of Trump's budget bill, which he says he opposes because it will increase the budget deficit. However, a proposed removal of EV tax credits that help Tesla, where Musk is CEO, likely plays a role. After the pair traded insults in early June, both had retreated from publicly squabbling, and Musk deleted some of his posts on X — another of his companies — that linked Trump to Jeffrey Epstein, a convicted sex offender. Then, on Monday evening, as the US Senate worked through a 'vote-a-rama' in an attempt to pass the bill, Musk started posting on X again. He reiterated a threat to primary politicians who support the bill and said, 'If this insane spending bill passes, the America Party will be formed the next day.' Trump posted a response on Truth Social, implying that DOGE (which Musk led before publicly stepping down in May) could cut subsidies for Musk's companies. Without those subsidies, Trump said, 'Elon would probably have to close up shop and head back home to South Africa.' Trump's full response, posted on Truth Social: Elon Musk knew, long before he so strongly Endorsed me for President, that I was strongly against the EV Mandate. It is ridiculous, and was always a major part of my campaign. Electric cars are fine, but not everyone should be forced to own one. Elon may get more subsidy than any human being in history, by far, and without subsidies, Elon would probably have to close up shop and head back home to South Africa. No more Rocket launches, Satellites, or Electric Car Production, and our Country would save a FORTUNE. Perhaps we should have DOGE take a good, hard, look at this? BIG MONEY TO BE SAVED!!! Musk responded on X to Trump's comments, saying, 'So tempting to escalate this. So, so tempting. But I will refrain for now.
Bloomberg
an hour ago
- Bloomberg
Stock Movers: Tesla, Warner Bros., Constellation
Listen for comprehensive cross-platform coverage of the US market close as heard on Bloomberg Television, Bloomberg Radio, and YouTube with Romaine Bostick, Scarlet Fu, Carol Massar and Matt Miller. - Tesla (TSLA) shares fell today as investors expect vehicle deliveries to decline for the second consecutive quarter. CEO Elon Musk has assumed oversight of Tesla's sales in Europe and the US following the departure of longtime deputy Omead Afshar, people familiar with the matter said. Afshar was responsible for Tesla's sales and manufacturing operations in North America and Europe before leaving the EV maker late last month. Following his exit, Musk and Tom Zhu, a senior vice president, are divvying up reporting lines as Tesla looks to recover from another quarter of declining vehicle deliveries. Tesla likely delivered around 389,400 vehicles in the three months that ended in June, according to analysts' estimates compiled by Bloomberg. That would be down roughly 12% from a year earlier, following a 13% drop in the first quarter. - Warner Bros. Discovery (WBD) shares were lower after Advance/Newhouse sold 100 million shares for about $1.1 billion via a block trade, according to a recent filing. - Constellation Brands (STZ) reported earnings and profit trailed expectations in the first quarter due to weaker consumer demand for alcoholic beverages and higher costs from aluminum tariffs .Earnings excluding some items were $3.22 a share in the period, missing the average analyst estimate by 10 cents. The company's beer margins were hit by President Donald Trump's 25% tariff on imported aluminum cans — a key packaging material for its Mexican-made beers such as Modelo and Corona. Constellation is navigating multiple headwinds including tariffs, muted beer sales, and more drinkers cutting back on alcohol and turning to alternatives such as cannabis. The company has also cited a pullback among Hispanic consumers — who make up more than half of Modelo drinkers — amid concerns about inflation, immigration and job security.
Forbes
an hour ago
- Forbes
Granite Demos Show Green Excavation Power For AI Data Centers
Bulldozer on pile of dirtOther construction images: In a canyon accompanied by trailers and vehicles, a few dozen people wearing hardhats are watching a Cat 307.5 excavator at work cutting through hard stone. They're witnessing the Earthgrid company's Plasma Excavation System (PES) where the colossal machine, equipped with two 2500-kilowatt plasma torches, makes a clean border through granite. It's an exciting display, and it represents some of the biggest work being done in renewable tunneling and excavation processes The Environmental Impact Why does this kind of innovation help save the planet and reduce climate impact? For one thing, it makes it easier to put in things like powerlines and utilities underground, decreasing wildfire risks in certain parts of the country that are experiencing severe conflagrations and resulting property damage, as well as harmful emissions. The electric tunneling process replaces dirty diesel equipment, and explosives, which typically have their own impact. There's also the potential to do earth moving in a different way that's less intrusive. All of this combines to make Earthgrid's process very interesting to people who want to improve what we do with infrastructure. CEO Troy Helming was present at Davos talking about the need for such kinds of renewable activity. He's also been vocal about the breakthrough that the company is celebrating now. "(Our recent) developments illustrate a clear step in proving our TBR model and its potential to rapidly connect our underground electrical and fiber optic grid safely. No company has ever tried boring through rock with more than one plasma torch – much less through rock like greywacke or granite," Helming said in a press statement around the process of innovation. "We are excited to deploy our two-torch system on several upcoming customer projects." Coming Up On June 27, the company celebrated a Sierra Granite demo event in Raymond, California. The company chose the spot for its geology and its cache of White Sierra Granite. Helming describes the process this way: 'It's a robot with two lightsabers up front, just sort of vaporizing through rock and soil, with a Mandalorian jet pack on the back, blowing out all the little bits of rock, cornflake-sized bits of rock,' he said. 'And it can go so fast and so much cheaper than anything else out there, it's the power grid, transmission lines, our water pipelines, fiber… there are so many communities that don't have access to highspeed bandwidth. ..' That's one way that the green process will serve our need for energy in a future high-tech age, but here's another: Right now, innovators and big money partners are looking for ways to build out energy sources for large AI data centers. How this gets done is a big question in terms of environmental impact. 'As AI continues to grow rapidly, we're working on even better ways to cool servers efficiently, reduce water usage, and push sustainable, green computing forward,' says Johnson Eung at Supermicro, a top company working on server design. Together, many of these stakeholders will be looking to improve the ways that we usher in the most powerful IT systems ever to exist. That's probably a big deal.
