In June 2025, Kaspersky discovered a new malware named SparkKitty that targets iOS and Android users. It is designed to steal photos from the gallery, including cryptocurrency wallet recovery phrases.
How SparkKitty Spreads
SparkKitty spreads through seemingly legitimate applications that aim to access the user's photo gallery. An app named "币 coin" was found on iOS and passed Apple's review process. On Android, the malware was embedded in an app called SOEX, disguised as a messaging app with crypto exchange features. SOEX was downloaded over 10,000 times before it was removed.
Who is Affected and How to Protect Yourself
Currently, most victims are in Southeast Asia and China, but SparkKitty poses a risk to users worldwide. To protect yourself, it is recommended to:
* Avoid apps that request photo access without a valid reason. * Never store recovery phrases as screenshots. * Immediately delete any crypto-related screenshots. * Use only apps from verified developers. * On iOS, remove unknown device profiles via Settings → General → Device Management. * Consider using trusted antivirus software to detect malicious activity.
Why It Matters
Recovery phrases grant full access to crypto wallets. With SparkKitty harvesting them from galleries, cryptocurrency investors are facing real and increasing risks. The malware's infiltration of official app stores emphasizes the need for constant vigilance, even with apps that seem safe.
SparkKitty malware poses a serious threat to cryptocurrency users, highlighting the importance of security measures and caution when using applications.
