Latest news with #SparkKitty


Hamilton Spectator
02-07-2025
This malware found in Google Play and Apple Store can steal photos from your phone — What you need to know about SparkKitty
Don't let the cute name fool you, this dangerous malware can sneak its way into your phone and steal all your photos. Researchers at IT security company Kaspersky recently discovered a new trojan malware hiding inside applications available for download on the official app stores, Apple App Store and Google Play. The malware, which the researchers named SparkKitty, is a cross-platform trojan, which means it can infect both Android and iOS devices. A trojan is a sneaky type of virus that hides inside supposedly legitimate applications or documents. Kaspersky researchers found SparkKitty embedded inside applications available on official app stores, but some were also found in unofficial app marketplaces, hidden inside fake TikTok app installers, various gambling and adult games, and crypto-related apps. Once downloaded, it sneaks its way into the device, prompts the user to grant access to the photo gallery and then takes control and steals all the images. 'SparkKitty uploads each and every one of your snapshots to its command-and-control (C&C) server,' the researchers wrote in the report. C&C servers are hacker-controlled computers that send instructions to and remotely control an infected device. One of the infected apps found on Google Play was a messaging app with crypto exchange features called SOEX, according to the report. The app was uploaded to the Android app store and had been installed over 10,000 times by the time the researchers made the discovery. [Image: The SparkKitty-infected app found on Google Play.] 'It was still available in the store at the time of this research,' the Kaspersky team said. Kaspersky notified Google, which has since removed the infected app from the app store. On the Apple app store it was found embedded inside a bitcoin app for tracking cryptocurrency rates.
'We are not sure exactly how this suspicious spy activity ended up in the app,' they said, adding that it's possible that the developers weren't aware that their app was compromised somewhere along their supply chain. But it's also possible that the developers deliberately embedded the malware into the app, they said. Researchers also discovered SparkKitty being distributed outside official app stores, with the malware found hidden inside TikTok clones distributed via unofficial channels. [Image: The fake TikTok app carrying the SparkKitty trojan.] SparkKitty's predecessor SparkCat, believed to have been spreading since at least early 2024, originally targeted mobile phone users in Asia. However, researchers believe the campaign has gone beyond its original scope and that its operators have likely upscaled their operation to target those in other countries and continents, according to the report. The golden rule 'download apps from official sources only' still applies, the researchers said. However, users should also be aware that apps infected with dangerous malware are now making their way into official app stores as well. According to some experts, many developers may be inadvertently adding pieces of malware into applications that are then making their way into official app stores. Other times, legitimate applications that have built a solid reputation are compromised after a change of ownership. Kaspersky recommends a number of steps to keep devices safe. In a previous interview with Metroland Media, Estyn Edwards, chief technology officer for Canadian app development company Punchcard Systems, said users should take time to read reviews before downloading an app, but added they should also be aware that some reviews can be faked. Taking the time to research an app and the company is also advised. He also warned users to be wary of apps being offered for free online when they are supposed to be bought in official app marketplaces.
'You'd probably pay for that with your privacy or with whatever they can get from you through fraud,' he warned.


Fox News
01-07-2025
SparkKitty mobile malware targets Android and iPhone
Bad actors constantly seek every bit of personal information they can get, from your phone number to your government ID. Now, a new threat targets both Android and iPhone users: SparkKitty, a powerful mobile malware strain that scans private photos to steal cryptocurrency recovery phrases and other sensitive data. Researchers at cybersecurity firm Kaspersky recently identified SparkKitty. This malware appears to succeed SparkCat, a campaign first reported earlier this year that used optical character recognition (OCR) to extract sensitive data from images, including crypto recovery phrases. SparkKitty goes even further than SparkCat. According to Kaspersky, SparkKitty uploads images from infected phones without discrimination. This tactic exposes not just wallet data but also any personal or sensitive photos stored on the device. While the main target seems to be crypto seed phrases, criminals could use other images for extortion or malicious purposes. Kaspersky researchers report that SparkKitty has operated since at least February 2024. Attackers distributed it through both official and unofficial channels, including Google Play and the Apple App Store. Kaspersky found SparkKitty embedded in several apps, including one called 币coin on iOS and another called SOEX on Android. Both apps are no longer available in their respective stores. SOEX, a messaging app with cryptocurrency-related features, reached more than 10,000 downloads from the Google Play Store before its removal. On iOS, attackers deliver the malware through fake software frameworks or enterprise provisioning profiles, often disguised as legitimate components.
Once installed, SparkKitty uses a method native to Apple's Objective-C programming language to run as soon as the app launches. It checks the app's internal configuration files to decide whether to execute, then quietly starts monitoring the user's photo library. On Android, SparkKitty hides in apps written in Java or Kotlin and sometimes uses malicious Xposed or LSPosed modules. It activates when the app launches or after a specific screen opens. The malware then decrypts a configuration file from a remote server and begins uploading images, device metadata, and identifiers. Unlike traditional spyware, SparkKitty focuses on photos, especially those containing cryptocurrency recovery phrases, wallet screenshots, IDs, or sensitive documents. Instead of just monitoring activity, SparkKitty uploads images in bulk. This approach makes it easy for criminals to sift through and extract valuable personal data.

1) Stick to trusted developers: Avoid downloading obscure apps, especially if they have few reviews or downloads. Always check the developer's name and history before installing anything.
2) Review app permissions: Be cautious of apps that request access to your photos, messages, or files without a clear reason. If something feels off, deny the permission or uninstall the app.
3) Keep your device updated: Install system and security updates as soon as they are available. These updates often patch vulnerabilities that malware can exploit.
4) Use mobile security software: The best way to safeguard yourself from malicious software is to have strong antivirus software installed on all your devices.

Both Apple and Google removed the identified apps after being alerted, but questions remain about how SparkKitty bypassed their app review processes in the first place.
As app stores grow, both in volume and complexity, the tools used to screen them will need to evolve at the same pace. Otherwise, incidents like this one will continue to slip through the cracks. Do you think Google and Apple are doing enough to protect users from mobile malware and evolving security threats?


News18
01-07-2025
This Dangerous Malware Uses Images And Screenshots Saved On Your Phone To Steal Data
Malware attacks are getting savvier, and both Android and iOS devices are at risk because of how hackers are able to bypass the stringent security checks. There is a new malware threat for Android and iOS users, and this one is scary because it tries to steal data from images and screenshots saved on your phone. The details about SparkKitty have been shared by Kaspersky, which first spotted the malware back in January this year. We have seen malware of different kinds over the years, and the use of AI is making security experts worried about the advancement of the attacks and how they can bypass stringent checks. It seems SparkKitty is showing us the mirror and the scary future of these malware threats, especially when it can clear strict security settings with ease. The malware, according to Kaspersky, uses optical character recognition to scan through photos and screenshots on the infected phone. The security firm suggests that SparkKitty has been distributed across Android and Apple app stores since February 2024, and the malicious apps have been removed from both app stores. It seems the malware was mostly disguised as crypto wallet apps that offered trading and other features. People installed the apps thinking they were genuine but inadvertently gave the malware access to scan through the phone's gallery and other content to inflict serious damage. Even though the affected apps have been removed, it is certain that users need to be wary about the apps they download and where they install them from, and should take other security measures to keep their devices and data safe. Even within the Play Store, you should check for the details of the app developer and see if their credentials are genuine. Besides the SparkKitty threat, you've also had to contend with the Godfather alert, and its new version is even more worrying. The biggest worry is that any regular login that you make for your banking apps can be captured by the attacker.
The first instance of the new Godfather malware was detected when Turkish banks were targeted by the attackers. The biggest concern with the new malware version is that it can mimic your actions, which makes it tough for the detection tools to raise any alarm bells. Even the user is caught unaware because of how slyly the whole act takes place.


Time of India
01-07-2025
Kaspersky has discovered SparkKitty: A new Trojan spy on App Store and Google Play, ET CISO
Kaspersky Lab found SparkKitty, a new Trojan spy, targeting iOS and Android phones. It steals images and device data. The malware hid in crypto, gambling apps, and a fake TikTok, spread via app stores and scam sites. Attackers aim to steal cryptocurrency from Southeast Asia and China. Users in India may also be at risk.


Indian Express
26-06-2025
This malware steals screenshots from your device: Everything to know about SparkKitty
A newly identified mobile malware named SparkKitty is targeting smartphone users through fake applications, stealing images from their photo galleries, including screenshots. These screenshots could likely contain cryptocurrency wallet recovery phrases or other sensitive details. The Trojan has been detected on Android and iOS platforms, and experts warn it poses a serious risk to the growing number of people managing digital assets on their phones. SparkKitty is classified as a Trojan virus, meaning it disguises itself as a genuine app but performs harmful actions in the background. Security researchers have found that it embeds itself in various fake apps, including crypto converters, messaging apps, and unofficial versions of the social media app TikTok. Some of these apps were even listed on official app stores before being taken down. SparkKitty appears to be a mobile version of an earlier malware known as SparkCat, which targeted macOS and Windows systems a few years ago. Researchers at SecureList, a research wing of Kaspersky, found notable overlaps between the two malware strains, suggesting a shift in attackers' tactics toward smartphones as users increasingly rely on them to store and manage financial information. Once a user installs a fake app with SparkKitty embedded, it requests access to the phone's photo gallery. On Android, it scans all images using built-in tools to detect text within screenshots, especially those showing wallet recovery phrases or QR codes. On iPhones, the malware uses common coding libraries to bypass system restrictions and access stored photos and device information, as reported by cybersecurity firm Kaspersky, which originally discovered the virus. The primary purpose of SparkKitty is to gain control of users' cryptocurrency wallets.
Many people store their wallet seed phrases (phrases that store all the information needed to recover Bitcoin funds) as screenshots for convenience, unaware that these unprotected images can be easily accessed by malware. Once these images are stolen, attackers can use the information to recover the wallets and transfer out the funds without the user's knowledge. Although the malware has mainly been found targeting users in Southeast Asia and China, cybersecurity experts caution that its distribution methods could allow it to spread globally. SparkKitty has been circulated through both official platforms, like the Play Store and App Store, as well as unofficial sources that offer pirated applications. Its use of misleading app names, convincing icons, and fake user reviews makes it difficult for average users to identify the threat. To stay protected from SparkKitty and similar threats, users are advised not to store sensitive information like bank account details, passwords, and recovery information as screenshots. Instead, security experts recommend writing them down and storing them securely offline. Apps should only be granted access to photos when absolutely necessary, and users should regularly review their app permissions. Suspicious apps, even those downloaded from your phone's official app store, should be removed, and devices should be kept updated with the latest security patches. Tools like Google Play Protect or reputable mobile antivirus software can also help detect malicious activity. (This article has been curated by Arfan Jeelany, who is an intern with The Indian Express)