Cybersecurity experts at Kaspersky have identified a new sophisticated malware strain called SparkKitty, which has been active since at least February 2024. This malware is part of the larger SparkCat Trojan family, known for stealing cryptocurrency from unsuspecting users.
Kaspersky discovered the original SparkCat malware in January 2025 after finding it in apps available on both the Google Play Store and Apple’s App Store. These malicious apps typically disguise themselves as legitimate software, which is especially dangerous in the cryptocurrency space. For instance, one Android app named SOEX posed as a messaging platform with crypto trading features and accumulated over 10,000 downloads before detection.
The researchers also uncovered similar malicious apps in Apple’s App Store, including fake versions of TikTok. SparkKitty, the new variant, is specifically designed to access users’ photo libraries. This targets a common behavior among cryptocurrency users, who often save screenshots of their wallet recovery phrases in their camera rolls. By capturing these images, attackers can potentially gain full control of victims’ cryptocurrency wallets.
Unlike its predecessor SparkCat, which was more selective, SparkKitty indiscriminately collects a wide range of photos from infected devices and sends them back to the attackers. Although the primary objective is to steal wallet recovery information, having broad access to users’ photos raises additional concerns. There is a risk that sensitive images could be exploited for blackmail or other malicious purposes, though Kaspersky has found no evidence yet that such activities have occurred.
This malware campaign has largely targeted users in Southeast Asia and China. The infected apps were often disguised as Chinese gambling games, TikTok lookalikes, and adult entertainment apps, specifically tailored for users in these regions.
The discovery of SparkKitty highlights the ongoing need for vigilance and secure practices in managing cryptocurrency and mobile device security.
Source: https://mashable.com/article/dangerous-new-malware-can-scan-photos-affects-android-ios