SparkKitty Malware Targets Photo Galleries to Hunt Crypto Seed Phrase

The discovery was made by Kaspersky researchers Sergey Puzan and Dmitry Kalinin, who explained that SparkKitty is able to infect both iPhones and Android phones by hiding inside apps available on official app stores.

According to a June 23 report, the malware has been found in several apps, including one called 币coin on the Apple App Store and another named SOEX on Google Play.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

How to Trade NFTs Safely? (Animated Explainer For Beginners)

SUBSCRIBE

ON YOUTUBE

The first claimed to be a crypto tracking tool, while the second combined messaging with exchange features. SOEX had been downloaded over 10,000 times before Kaspersky alerted Google, which then removed it from the store.

Once installed, SparkKitty copies all images from a device’s gallery without checking their contents. While the main goal seems to be finding wallet recovery phrases, the attackers could also get access to other private information stored in those pictures.

According to Kaspersky’s research, the malware mostly affects users in Southeast Asia and China. Many of the infected apps were written in Chinese and designed to appeal to users in that region.

However, the researchers noted that SparkKitty is capable of spreading to other parts of the world, as it does not include any regional limits in its design.

On June 9, Kaspersky reported that a hacker group known as Librarian Ghouls had taken control of hundreds of computers in Russia to secretly mine cryptocurrency. How? Read the full story.