Recently, researchers at Kaspersky uncovered a new type of mobile malware known as SparkKitty, aimed at stealing seed phrases from cryptocurrency users.
Overview of SparkKitty Malware
SparkKitty is a new strain of mobile spyware that focuses on stealing screenshots of crypto wallet seed phrases stored in users' photo galleries. The malware is primarily spreading among users in Southeast Asia and China.
Distribution and Concealment Methods
The malware is hidden within seemingly legitimate apps, including TikTok mods, crypto trackers, gambling games, and adult content apps. These apps trick users into installing a special developer profile, allowing the malware to operate outside of regular app review protections. Once installed, the malware waits for users to access specific screens before requesting access to the photo gallery.
Researchers' Response and App Removals
Kaspersky has notified both Apple and Google about the issue, resulting in the affected apps being removed from their stores. The campaign has reportedly been active since at least April 2024, with earlier samples identified.
The SparkKitty malware poses a threat to cryptocurrency users, highlighting the need for increased awareness of new mobile security risks.