Kaspersky security researchers have uncovered a new mobile malware campaign aimed at cryptocurrency users. The malware, known as SparkKitty, uses infected applications to steal confidential information.
Overview of SparkKitty Campaign
The SparkKitty malware campaign was identified in January 2025, following the researchers' discovery of the SparkCat malware targeting cryptocurrency wallets. The new threat distributes malicious applications through both official app stores and unofficial sources, and some infected apps have already been removed from Google Play after notifications from the researchers.
Delivery Mechanisms on iOS and Android
The SparkKitty malware targets both iOS and Android, using a different delivery mechanism on each. On iOS, the payloads are delivered through frameworks masquerading as legitimate libraries. On Android, the malware comes in both Java and Kotlin variants, including malicious Xposed modules. Most versions indiscriminately hijack all images on the device and use optical character recognition to steal sensitive information.
Infection Approaches Through TikTok and Other Apps
Kaspersky analysts initially identified the campaign while tracking suspicious links associated with modified versions of the TikTok Android app. These modified applications execute additional malicious code when users launch them. Infected TikTok versions request photo gallery permissions, which genuine releases of the app do not request.
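The permission mismatch described above can be checked before an app is allowed onto a managed device. The following is an added example, not code from Kaspersky or from the original article: it compares the permissions declared by a candidate build against those of a reference release and flags any newly requested gallery access. It assumes both manifests have already been decoded to text XML; the package name and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions that grant read access to the photo gallery.
GALLERY_PERMISSIONS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_IMAGES",
    "android.permission.READ_MEDIA_VISUAL_USER_SELECTED",
    "android.permission.MANAGE_EXTERNAL_STORAGE",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def audit(reference_xml, candidate_xml):
    """Report permissions the candidate requests that the reference does not."""
    extra = requested_permissions(candidate_xml) - requested_permissions(reference_xml)
    return {"extra": sorted(extra), "gallery": sorted(extra & GALLERY_PERMISSIONS)}

# Constructed sample: reference release without gallery access.
REFERENCE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.video">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

# Constructed sample: modified build that adds gallery read permissions.
CANDIDATE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.video">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>"""

if __name__ == "__main__":
    print(audit(REFERENCE, CANDIDATE))
```

A non-empty `gallery` list means the candidate asks for photo access that the reference release does not, which is the indicator the analysts describe for the modified TikTok builds.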
The SparkKitty campaign poses a serious threat to cryptocurrency users. The methods of distribution and information theft highlight the need for users to exercise caution when downloading applications and granting permissions.