Kaspersky has issued a warning about the newly discovered malware SparkKitty, which steals photos from infected devices with the aim of finding crypto wallet seed phrases.
Description of SparkKitty Malware
In a recent report, Kaspersky analysts Sergey Puzan and Dmitry Kalinin say the SparkKitty malware targets both iOS and Android devices. Once a device is infected, the malware indiscriminately steals all images from the photo gallery.
> "Although we suspect the attackers’ main goal is to find screenshots of crypto wallet seed phrases, other sensitive data could also be present in the stolen images."
Targeted Apps and Distribution Methods
Two of the apps used to deliver the malware were crypto-themed. One, known as 币coin and available on the App Store, markets itself as a crypto information tracker. The second, SOEX, was a messaging app with crypto exchange features that had been installed over 10,000 times on Google Play. Kaspersky notified Google, and the app was removed from the store. The analysis also found SparkKitty being delivered through casino apps, adult-themed games, and malicious TikTok clones.
Geographical Targets and Other Features
The main targets of this malware campaign are users in Southeast Asia and China. Based on Kaspersky’s findings, infected apps include several Chinese gambling games, malicious TikTok clones, and adult games.
> "Judging by the distribution sources, this spyware primarily targets users in Southeast Asia and China."
SparkKitty poses a significant threat to users, particularly in regions where it is actively spreading. Kaspersky experts warn that this type of malware is on the rise and recommend that users keep a close watch on the security of their data.