Warning: SparkKitty malware steals screenshots of your mnemonic phrases.

CN
5 months ago

Kaspersky, a cybersecurity company, recently issued a warning about a newly discovered malware called SparkKitty, which specifically targets the photo libraries of infected devices with the intent of searching for screenshots of cryptocurrency seed phrases.

Kaspersky analysts Sergey Puzan and Dmitry Kalinin pointed out in a report released on Monday that SparkKitty infiltrates certain applications on the Apple App Store and Google Play, simultaneously attacking iOS and Android devices.

Once a device is infected, the malware indiscriminately steals all images from the photo library.

"Although we speculate that the primary target of the attackers is to find screenshots of cryptocurrency wallet seed phrases, the stolen images may also contain other sensitive data."

Kaspersky identified two applications spreading this malware, both related to cryptocurrency. One of them, named "Coin," is available on the App Store and claims to be a cryptocurrency information tracking tool.

The other is SOEX, a messaging application that offers "cryptocurrency trading features" on Google Play.

"This application has been uploaded to Google Play and has been installed over 10,000 times. During our research, it was still available in the app store. We have notified Google about this situation, and they subsequently removed the application from the store," Puzan and Kalinin stated.

The analysts also found that SparkKitty spreads through casino applications, adult-themed games, and malicious TikTok clone applications.

This malware is very similar to SparkCat, which was discovered in a Kaspersky investigation earlier this year. SparkCat scans user photos for cryptocurrency wallet recovery phrases.

Puzan and Kalinin noted that these two pieces of malware likely come from the same source, as they not only share similar characteristics but also contain similar file paths from the attackers' systems.

"Although not technically or conceptually complex, this attack activity has been ongoing since at least early 2024, posing a significant security threat to users," Puzan and Kalinin emphasized. "Unlike the previously discovered SparkCat spyware, this malware is indiscriminate in stealing photos from the gallery."

According to Kaspersky's findings, this malware campaign primarily targets users in Southeast Asia and China, as the infected applications include various Chinese gambling games, TikTok clones, and adult games.

"Judging by the distribution channels, this spyware mainly targets users in Southeast Asia and China," Puzan and Kalinin analyzed.

"However, it has no technical limitations to prevent it from attacking users in other regions," they added.

Original article: “Beware: SparkKitty Malware Stealing Your Seed Phrase Screenshots”
