
Kaspersky has discovered SparkKitty: a new Trojan spy on App Store and Google Play
Kaspersky researchers have discovered a new Trojan spy called SparkKitty which targets smartphones on iOS and Android. It sends images from an infected phone and information about the device to the attackers. This malware was embedded in apps related to crypto and gambling, as well as in a trojanized TikTok app, and was distributed on App Store and Google Play, as well as on scam websites. Experts suggest that the goal of the attackers is to steal cryptocurrency assets from residents of Southeast Asia and China. Users in KSA are also potentially at risk of facing a similar cyber threat.
Kaspersky has notified Google and Apple about the malicious apps. Certain technical details suggest that the new malware campaign is linked to the previously discovered SparkCat Trojan — malware (the first of its kind on iOS) with a built-in optical character recognition (OCR) module that allows it to scan image galleries and steal screenshots containing cryptocurrency wallet recovery phrases or passwords. The SparkKitty case is the second time in a year that Kaspersky researchers have found a Trojan stealer on App Store, following SparkCat.
iOS
On App Store, the Trojan pretended to be an app related to cryptocurrencies — 币coin. On phishing pages mimicking the official iPhone App Store, the malware was distributed under the guise of TikTok and gambling applications.
An alleged crypto exchange app, 币coin, on App Store
A webpage mimicking App Store to install an alleged TikTok app through developer tools
A fake web store embedded into the alleged TikTok app
"One of the vectors for the Trojan's distribution turned out to be fake websites where the attackers tried to infect the victims' iPhones. iOS has several legitimate ways to install programs not from the App Store. In this malicious campaign, the attackers used one of them — special developer tools for distributing corporate business applications. In the infected version of TikTok, during authorization, the malware, in addition to stealing photos from the smartphone gallery, embedded links to a suspicious store in the person's profile window. This store only accepts cryptocurrencies, which increases our concerns about it," explains Sergey Puzan, a malware expert at Kaspersky.
Android
The attackers targeted users both on third-party websites and on Google Play, passing off the malware as various crypto services. For example, one of the infected applications — a messenger called SOEX with a cryptocurrency exchange function — was downloaded from the official store over 10,000 times.
An alleged crypto exchange app, SOEX, on Google Play
Experts also found APK files of infected apps (these can be installed directly on Android smartphones bypassing official stores) on third-party websites that are likely related to the detected malicious campaign. They are positioned as investment crypto projects. The websites on which these applications were posted were advertised on social networks, including YouTube.
"After the apps were installed, they functioned as promised in their description. But at the same time, photos from the smartphone gallery were sent to the attackers. The attackers may later try to find various confidential data in the images, for instance, crypto wallet recovery phrases to access the victims' assets. There are indirect signs that the attackers are interested in people's digital assets: many of the infected apps were related to crypto, and the trojanized TikTok app also had a built-in store that accepted payment for goods only in crypto," comments Dmitry Kalinin, a malware expert at Kaspersky.
A detailed report about this attack is available on Securelist.com.
To avoid becoming a victim of this malware, Kaspersky recommends the following safety measures:
If you have installed one of the infected applications, remove it from your device and do not use it until an update has been released to eliminate the malicious functionality.
Avoid storing screenshots containing sensitive information in your gallery, including cryptocurrency wallet recovery phrases. Passwords, for example, could be stored in specialized applications such as Kaspersky Password Manager.
Reliable cybersecurity software, like Kaspersky Premium, can prevent malware infections. Due to the architectural features of the Apple operating system, the Kaspersky solution for iOS shows the user a warning if it detects an attempt to transfer data to the attacker's command server, and blocks the attacker from transferring data.
If an app asks for permission to access the phone's photo library, consider if this app really needs it.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company's comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and over 200,000 corporate clients protect what matters most to them.
