Latest news with #SparkCat


Fox News
01-07-2025
- Fox News
SparkKitty mobile malware targets Android and iPhone
Bad actors constantly seek every bit of personal information they can get, from your phone number to your government ID. Now a new threat targets both Android and iPhone users: SparkKitty, a mobile malware strain that scans private photos to steal cryptocurrency recovery phrases and other sensitive data.

Researchers at cybersecurity firm Kaspersky recently identified SparkKitty. The malware appears to succeed SparkCat, a campaign first reported earlier this year that used optical character recognition (OCR) to extract sensitive data, including crypto recovery phrases, from images. SparkKitty goes further: according to Kaspersky, it uploads images from infected phones indiscriminately, which exposes not just wallet data but any personal or sensitive photo stored on the device. While the main target appears to be crypto seed phrases, criminals could use other images for extortion or other malicious purposes.

Kaspersky researchers report that SparkKitty has operated since at least February 2024. Attackers distributed it through both official and unofficial channels, including Google Play and the Apple App Store. Kaspersky found SparkKitty embedded in several apps, including one called 币coin on iOS and another called SOEX on Android; both have since been removed from their respective stores. SOEX, a messaging app with cryptocurrency-related features, reached more than 10,000 downloads on Google Play before its removal. On iOS, attackers deliver the malware through fake software frameworks or enterprise provisioning profiles, often disguised as legitimate components.

Once installed, SparkKitty uses a method native to Apple's Objective-C programming language to run as soon as the app launches. It checks the app's internal configuration files to decide whether to execute, then quietly starts monitoring the user's photo library. On Android, SparkKitty hides in apps written in Java or Kotlin and sometimes uses malicious Xposed or LSPosed modules. It activates when the app launches or after a specific screen opens. The malware then decrypts a configuration file fetched from a remote server and begins uploading images, device metadata and identifiers.

Unlike traditional spyware, SparkKitty focuses on photos, especially those containing cryptocurrency recovery phrases, wallet screenshots, IDs or sensitive documents. Instead of just monitoring activity, it uploads images in bulk, which makes it easy for criminals to sift through them and extract valuable personal data.

1) Stick to trusted developers: Avoid downloading obscure apps, especially if they have few reviews or downloads. Always check the developer's name and history before installing anything.
2) Review app permissions: Be cautious of apps that request access to your photos, messages or files without a clear reason. If something feels off, deny the permission or uninstall the app.
3) Keep your device updated: Install system and security updates as soon as they are available. These updates often patch vulnerabilities that malware can exploit.
4) Use mobile security software: The best way to safeguard yourself from malicious software is to have strong antivirus software installed on all your devices.

Both Apple and Google removed the identified apps after being alerted, but questions remain about how SparkKitty bypassed their app review processes in the first place.

As app stores grow in volume and complexity, the tools used to screen them will need to evolve at the same pace. Otherwise, incidents like this one will continue to slip through the cracks. Do you think Google and Apple are doing enough to protect users from mobile malware and evolving security threats?


Indian Express
26-06-2025
- Indian Express
This malware steals screenshots from your device: Everything to know about SparkKitty
A newly identified mobile malware named SparkKitty is targeting smartphone users through fake applications, stealing images from their photo galleries, including screenshots. These screenshots could contain cryptocurrency wallet recovery phrases or other sensitive details. The Trojan has been detected on Android and iOS, and experts warn it poses a serious risk to the growing number of people managing digital assets on their phones.

SparkKitty is classified as a Trojan, meaning it disguises itself as a genuine app but performs harmful actions in the background. Security researchers have found that it embeds itself in various fake apps, including crypto converters, messaging apps and unofficial versions of the social media app TikTok. Some of these apps were even listed on official app stores before being taken down. SparkKitty appears to be a mobile version of an earlier malware known as SparkCat, which targeted macOS and Windows systems a few years ago. Researchers at Securelist, the research arm of Kaspersky, found notable overlaps between the two malware families, suggesting a shift in attackers' tactics: they now target smartphones as users increasingly rely on them to store and manage financial information.

Once a user installs a fake app with SparkKitty embedded, it requests access to the phone's photo gallery. On Android, it scans all images using built-in tools to detect text within screenshots, especially those showing wallet recovery phrases or QR codes. On iPhones, the malware uses common coding libraries to bypass system restrictions and access stored photos and device information, as reported by cybersecurity firm Kaspersky, which originally discovered the malware. The primary purpose of SparkKitty is to gain control of users' cryptocurrency wallets.

Many people store their wallet seed phrases (phrases that hold all the information needed to recover Bitcoin funds) as screenshots for convenience, unaware that these unprotected images can be easily accessed by malware. Once these images are stolen, attackers can use the information to recover the wallets and transfer out the funds without the user's knowledge. Although the malware has mainly been found targeting users in Southeast Asia and China, cybersecurity experts caution that its distribution methods could allow it to spread globally. SparkKitty has been circulated through official platforms, like the Play Store and App Store, as well as unofficial sources that offer pirated applications. Its use of misleading app names, convincing icons and fake user reviews makes it difficult for average users to identify the threat.

To stay protected from SparkKitty and similar threats, users are advised not to store sensitive information like bank account details, passwords and recovery information as screenshots. Instead, security experts recommend writing them down and storing them securely offline. Apps should only be granted access to photos when absolutely necessary, and users should regularly review their app permissions. Suspicious apps, even those downloaded from your phone's official app store, should be removed, and devices should be kept updated with the latest security patches. Tools like Google Play Protect or reputable mobile antivirus software can also help detect malicious activity.

(This article has been curated by Arfan Jeelany, who is an intern with The Indian Express)


Scottish Sun
24-06-2025
- Scottish Sun
Urgent warning to delete two dangerous apps that STEAL all your private photos and blackmail you for money
The stolen data could also be used for other malicious purposes, like extortion, if the images contain sensitive content.

TWO dangerous apps have been banned for stealing the private photos of those who install them, allowing hackers to later blackmail victims. While the apps have since been removed from Google Play and the Apple App Store, cybersecurity researchers have warned that TikTok clone apps may also be carrying out the same attack.

Our smartphone camera rolls usually contain thousands of photos and screenshots - some of which could be used against you, cybersecurity researchers at Kaspersky have warned. This could be anything from bank statements, card details, photo ID and security code screenshots, to cheeky photos you'd rather keep private. The apps are thought to be embedded with a new strain of SparkCat malware - a form of malicious software which Kaspersky discovered in January. The software, which appears to be targeting iPhone and Android devices, uses a special optical character recognition (OCR) tool to give hackers eyes inside your phone.

Hackers are mostly using the malware to steal cryptocurrency wallet recovery phrases from images saved on infected devices. But, as Bleeping Computer noted, the stolen data could also be used for other malicious purposes, like extortion, if the images contain sensitive content.

Dangerous apps

The platforms used to spread the malware are the currency app 币coin on the Apple App Store and the instant messenger SOEX on Google Play. SOEX, which also has some cryptocurrency exchange features, has been downloaded over 10,000 times via Android's official app store, according to Bleeping Computer. It's unclear how many people have installed 币coin. Once downloaded, the 币coin iOS app immediately requests access to the photo gallery, while SOEX on Android requests storage permissions to access images. It is important to always check what you are agreeing to when apps request permission to access the data on your device.

If users grant the iOS app permission, the malware silently monitors the gallery for changes and steals any new images. On Android, the malware snatches images straight from the photo gallery, along with device identifiers and metadata, and hands them straight to hackers. Some versions of the malware, titled SparkKitty, only hunt for screenshots and images containing text - suggesting they are on the prowl for passwords and security codes. But there remains the risk of sextortion over nude images, or other forms of blackmail.

If you have downloaded one of the infected apps, then it's important to delete it immediately. While the dangerous apps managed to evade Apple and Google's security measures to register on their app stores, it is still important to download apps only through these official channels. The photo-stealing malware, according to researchers, is running even more rampant on unofficial channels in the form of TikTok clones, adult-themed games, and gambling and casino apps.

How to spot a dodgy app

Detecting a malicious app before you hit the 'Download' button is easy when you know the signs. Follow this eight-point checklist when you're downloading an app you're unsure about:
- Check the reviews - be wary of both complaints and uniformly positive reviews by fake accounts.
- Look out for grammar mistakes - legitimate app developers won't have typos or errors in their app descriptions.
- Check the number of downloads - avoid apps with only several thousand downloads, as they could be fake.
- Research the developer - do they have a good reputation, or are they totally fake?
- Check the release date - a recent release date paired with a high number of downloads is usually bad news.
- Review the permission agreement - this agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary.
- Check the update frequency - an app that is updated too frequently is usually indicative of security vulnerabilities.
- Check the icon - look closely, and don't be deceived by distorted, lower-quality versions of the icons from legitimate apps.
All of this information will be available in both Apple's App Store and the Google Play Store.


The Irish Sun
24-06-2025
- The Irish Sun
Urgent warning to delete two dangerous apps that STEAL all your private photos and blackmail you for money
(Text identical to the Scottish Sun item above.)


Yahoo
07-02-2025
- Yahoo
Rare Screenshot-Grabbing Malware Found on Apple App Store
In what appears to be a first, a strain of malware that can secretly steal screenshots from smartphones has infiltrated the Apple App Store. The so-called "SparkCat" malware was discovered late last year secretly embedded in an iOS app called "ComeCome-Chinese Food Delivery," according to antivirus provider Kaspersky.

SparkCat works by secretly deploying a character-recognition tool, enabling it to read text from stored images and seek out select keywords. If the desired words are found, the malware sends the image to a hacker-controlled server. "The [search] terms all indicated that the attackers were financially motivated, specifically targeting recovery phrases also known as 'mnemonics' that can be used to regain access to cryptocurrency wallets," Kaspersky concluded.

The antivirus provider's investigation also found that the malware seeks keywords in languages including Chinese, Japanese, Korean, English, Czech, French, Italian, Polish and Portuguese, which suggests the attack was devised to prey on users in Europe and Asia. "It must be noted that the malware is flexible enough to steal not just these phrases but also other sensitive data from the gallery, such as messages or passwords that might have been captured in screenshots," Kaspersky said.

The malicious code was also found in a few other iOS apps, such as "AnyGPT" and "WeTink." The findings prompted Apple to remove a total of 11 iOS apps from its official store. Apple also told PCMag that the 11 apps shared code with 89 other iOS apps, which have also been removed or rejected. In addition, the developer accounts behind the apps have been terminated.

Despite the threat, Apple also noted that starting in iOS 14, the PhotoKit API lets users select only specific photos or videos to share with an app, rather than providing full access to the entire library. The company added that it has no tolerance for malicious activity and designed its App Store to be safe and private for users.

Kaspersky uncovered the iOS malware after spotting the malicious code operating through a variety of infected apps on the Google Play Store. Those apps were downloaded more than 242,000 times via Google Play and also circulated through unofficial app stores. "Analyzing Android versions of the malware, Kaspersky experts found comments in the code written in Chinese," it said. "Additionally, the iOS version contained developer home directory names, 'qiongwu' and 'quiwengjing,'" suggesting that the threat actors are fluent in Chinese. Google didn't immediately respond to a request for comment, but Kaspersky says it notified Google about the malware, too.

It's unclear how so many apps became infected with the malware. Some of the infected apps appear to be legitimate food delivery services while others seem to be fake programs meant to bait users. In the meantime, Kaspersky says: "This case once again shatters the myth that iOS is somehow impervious to threats posed by malicious apps targeting Android."

This story has been updated with comment from Apple.
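As an added illustration of the PhotoKit limited-access mitigation Apple cites above (example code, not from Apple, Kaspersky or any of the articles), this is how an iOS app requests photo access so the user can hand over a few selected photos rather than the whole library; the PhotoAccess type and its method names are illustrative.

```swift
import Photos
import UIKit

// Added example: adopting PhotoKit limited-library access (iOS 14+).
// The type and method names here are illustrative, not an Apple API.
final class PhotoAccess {

    /// Ask for read access to the photo library and report the outcome.
    /// iOS shows a sheet with "Select Photos", "Allow Access to All Photos"
    /// and "Don't Allow"; with `.limited` the app can only read what the
    /// user picked, which is the setting that blunts a gallery-scraping app.
    /// The Info.plist key NSPhotoLibraryUsageDescription must be present,
    /// otherwise the process is terminated when this is called.
    static func request(completion: @escaping (PHAuthorizationStatus) -> Void) {
        PHPhotoLibrary.requestAuthorization(for: .readWrite) { status in
            DispatchQueue.main.async { completion(status) }
        }
    }

    /// True when the user granted only a subset of the library.
    static func isLimited() -> Bool {
        return PHPhotoLibrary.authorizationStatus(for: .readWrite) == .limited
    }

    /// Let the user revise the limited selection in-app instead of sending
    /// them to Settings; a no-op unless access is currently `.limited`.
    static func changeSelection(from viewController: UIViewController) {
        guard isLimited() else { return }
        PHPhotoLibrary.shared().presentLimitedLibraryPicker(from: viewController)
    }

    /// Number of images the app can actually see. Under `.limited` this is
    /// only the user's selection, so logging it on launch gives a cheap
    /// sanity check that the app is not silently holding full-library access.
    static func visibleImageCount() -> Int {
        return PHAsset.fetchAssets(with: .image, options: nil).count
    }
}
```

To stop iOS from re-prompting the user about their limited selection on every launch, set PHPhotoLibraryPreventAutomaticLimitedAccessAlert to YES in Info.plist and offer changeSelection(from:) from a settings screen instead.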