
SparkKitty mobile malware targets Android and iPhone
Researchers at cybersecurity firm Kaspersky recently identified SparkKitty. This malware appears to succeed SparkCat, a campaign first reported earlier this year that used optical character recognition (OCR) to extract sensitive data from images, including crypto recovery phrases.
SparkKitty goes even further than SparkCat. According to Kaspersky, SparkKitty uploads images from infected phones without discrimination. This tactic exposes not just wallet data but also any personal or sensitive photos stored on the device. While the main target seems to be crypto seed phrases, criminals could use other images for extortion or malicious purposes.
Kaspersky researchers report that SparkKitty has operated since at least February 2024. Attackers distributed it through both official and unofficial channels, including Google Play and the Apple App Store.
Kaspersky found SparkKitty embedded in several apps, including one called 币coin on iOS and another called SOEX on Android. Both apps are no longer available in their respective stores. SOEX, a messaging app with cryptocurrency-related features, reached more than 10,000 downloads from the Google Play Store before its removal.
On iOS, attackers deliver the malware through fake software frameworks or enterprise provisioning profiles, often disguised as legitimate components. Once installed, SparkKitty uses a method native to Apple's Objective-C programming language to run as soon as the app launches. It checks the app's internal configuration files to decide whether to execute, then quietly starts monitoring the user's photo library.
On Android, SparkKitty hides in apps written in Java or Kotlin and sometimes uses malicious Xposed or LSPosed modules. It activates when the app launches or after a specific screen opens. The malware then decrypts a configuration file from a remote server and begins uploading images, device metadata, and identifiers.
Unlike traditional spyware, SparkKitty focuses on photos, especially those containing cryptocurrency recovery phrases, wallet screenshots, IDs, or sensitive documents. Instead of just monitoring activity, SparkKitty uploads images in bulk. This approach makes it easy for criminals to sift through and extract valuable personal data.
1) Stick to trusted developers: Avoid downloading obscure apps, especially if they have few reviews or downloads. Always check the developer's name and history before installing anything.
2) Review app permissions: Be cautious of apps that request access to your photos, messages, or files without a clear reason. If something feels off, deny the permission or uninstall the app.
3) Keep your device updated: Install system and security updates as soon as they are available. These updates often patch vulnerabilities that malware can exploit.
4) Use mobile security software: The best way to safeguard yourself from malicious software is to have strong antivirus software installed on all your devices. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices by visiting CyberGuy.com/LockUpYourTech.
Both Apple and Google removed the identified apps after being alerted, but questions remain about how SparkKitty bypassed their app review processes in the first place. As app stores grow, both in volume and complexity, the tools used to screen them will need to evolve at the same pace. Otherwise, incidents like this one will continue to slip through the cracks.
Do you think Google and Apple are doing enough to protect users from mobile malware and evolving security threats? Let us know by writing to us at Cyberguy.com/Contact.
Copyright 2025 CyberGuy.com. All rights reserved.
