SparkKitty Malware Found on App Stores Steals Photos and Crypto Wallet Data

A new malware named SparkKitty, designed to steal images from infected Android and iOS devices, has been uncovered in apps on both the Google Play Store and Apple App Store.

Thought to be an evolution of the earlier SparkCat malware, SparkKitty uses techniques like OCR to search photo galleries for cryptocurrency wallet seed phrases. Kaspersky found that it indiscriminately uploads all images from a user’s photo library, potentially exposing sensitive content beyond crypto-related data.

The malicious apps, such as "币coin" on iOS and "SOEX" on Android, have been removed, but modded versions are still spreading through unofficial platforms. On iOS, the malware is disguised as legitimate frameworks and uses enterprise provisioning to bypass restrictions, while on Android, it relies on permission requests and may leverage Xposed modules.

Once access is granted, the malware monitors and uploads images—sometimes filtering for text using Google’s ML Kit OCR—to command-and-control servers.

This incident emphasizes the ongoing risk of malicious apps on trusted platforms and reinforces the importance of keeping crypto recovery phrases offline and denying unnecessary permissions during app installs.
