This sneaky malware is after your phone's pictures: Here's why
What if your phone's photo gallery wasn't as private as you thought? Imagine a harmless-looking app quietly scanning your pictures, searching for clues to your digital life. Now imagine that app is after your crypto wallet details, and it has already slipped past the usual security gates on both Android and iOS. This is not some distant threat. It is happening right now, and it is making many rethink how safe their devices really are. Apps can be risky business
Most people trust the apps they download from the official Play Store or App Store. After all, these platforms promise to weed out the bad actors. But SparkKitty, a new malware strain, has managed to bypass these checks. Security researchers first flagged it in early 2025, and since then, it has turned up in apps that look completely routine. Some were even downloaded thousands of times before anyone noticed.
The trick is simple but effective. SparkKitty hides in apps that offer features like messaging or crypto tracking. Once installed, it asks for permission to access your photos. Many users do not think twice about this. But behind the scenes, the malware uses optical character recognition to scan images for text, especially those all-important crypto wallet recovery phrases. If you have ever taken a screenshot of your recovery phrase for convenience, you could be at risk. How does it really work SparkKitty appeared in apps on both official and unofficial stores
It targets both Android and iOS devices
Once inside your phone, it scans photos for sensitive information
The malware keeps checking your gallery for new images
Stolen data is sent to remote servers controlled by attackers
Security experts say this is part of a growing trend. Hackers are getting better at hiding malware in apps that seem trustworthy. Even after SparkKitty-infected apps were removed from the stores, similar threats keep popping up on third-party sites. What you can do Only download apps from developers you trust
Check app reviews and details before installing
Be cautious if an app wants access to your photos or files without a clear reason
Never store recovery phrases or passwords in your photo gallery
Use encrypted storage or a password manager for sensitive data
The risk is not limited to losing cryptocurrency. Any private image could be at risk. While there is no verified evidence of blackmail so far, the potential for misuse is real. The safest bet is to keep sensitive information out of your gallery and be extra careful about app permissions.
With malware like SparkKitty getting smarter, the old rules for staying safe online are changing. It is not enough to stick to official app stores or trust familiar-looking apps. The best defence is a mix of caution, good habits, and a willingness to question what apps really need from you. As more of our lives move onto our phones, a little scepticism can go a long way.
First Published Date: 25 Jun, 17:47 IST
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Time of India
4 hours ago
- Time of India
Android is currently optimised for…: Why Perplexity AI CEO Aravind Srinivas wants Google to rebuild its operating system
Perplexity AI CEO Aravind Srinivas wants Google to rebuild its Android operating system. He noted that Android is more optimised for the tech giant's ad-driven business model than for enabling AI-powered experiences for smartphone users. Srinivas took to the social media platform X (earlier Twitter) to share his opinion that highlights a potential conflict as AI assistants become more common in smartphones. With this post, he questions whether current platforms, particularly those tied to advertising like Android, can evolve into intelligent, agentic systems that will primarily serve users. Srinivas questions whether Android's current priorities are aligned with the emerging era of AI agents , which are designed to interact proactively with users. What Perplexity AI CEO Aravind Srinivas said about Android In his X post, Srinivas wrote: 'Android needs to be rebuilt for AI. It's currently optimised for preserving Google's ad business rather than a truly agentic OS.' With this post, he suggests that to achieve significant advancements in AI-first mobile computing, Google may need to make some fundamental changes to the operating system itself, rather than merely adding AI features as layers. This suggestion comes as Perplexity develops Comet, an AI browser that will compete with Google by offering query responses with inline citations. This criticism comes at a time when Google is under increasing pressure on several fronts. According to a recent report by Bloomberg, Apple executives have internally discussed the possibility of acquiring Perplexity AI, with M&A chief Adrian Perica reportedly raising the idea with senior leaders, including services head Eddy Cue. Recently, Srinivas also suggested that Google's key weakness lies in its heavy reliance on high-margin search advertising , which remains far more profitable than its other businesses, like YouTube, cloud services, or AI initiatives. At the recently held Sohn Investment Conference, Srinivas explained how the Android-maker is trapped by its success. He noted, 'This is the first time in two decades that Google is extremely vulnerable.'
Mint
5 hours ago
- Mint
Gemini AI could work with phone, WhatsApp and other Android apps: Report: What it means for users
Google is facing scrutiny after an email reportedly sent to select Android users revealed that its Gemini AI assistant will soon begin interacting with various on-device apps by default, regardless of whether the feature has been enabled or not. The change is expected to roll out automatically from 7 July, sparking widespread confusion and privacy concerns among users. According to screenshots shared on social media, including by well-known tipster CID on X, the email is titled,'We've made it easier for Gemini to interact with your device.' In it, Google allegedly outlines its plans to enhance the capabilities of Gemini by allowing it to connect with apps such as Phone, Messages, WhatsApp, and Utilities. The noteworthy element lies in the wording, which, as per the screenshots, note that Gemini will be able to access and interact with these apps'whether your Gemini Apps Activity is on or off.' This phrasing has raised red flags among users and privacy advocates alike, as it appears to suggest that the assistant could bypass user preferences related to app access. Notably, the term "Gemini Apps" refers to what was previously known as Gemini Extensions, tools that allow Google's AI to perform tasks across various apps. Until now, users could manually choose which apps Gemini could interact with through the app's settings menu. However, the new alleged update implies that this control might no longer be absolute. While the email screenshots later state that users can disable the features in the Apps settings page, Google does not provide specific instructions on how to do so. This contradiction has further fuelled confusion, as it seems to directly conflict with the earlier statement regarding unavoidable integration. As of now, Google has not issued an official clarification on the matter. With the feature set to activate on 7 July, users are urging the company to provide more transparency, along with clearer and more accessible options to manage AI permissions.
Mint
5 hours ago
- Mint
Jio AX6000 WiFi 6 router debuts in India with strong speed, smart features and budget price
Reliance Jio has introduced a new WiFi 6 router in India called the Jio AX6000 Universal Router. Priced at ₹ 5,999, this router is designed for people who want fast, stable internet across large homes and smart spaces. It supports both 2.4GHz and 5GHz bands and offers top speeds of up to 4,800Mbps, making it one of the most powerful budget routers available right now. The Jio AX6000 is a dual-band router, which means it works on both 2.4GHz and 5GHz frequency bands. You don't have to switch between them manually because the router keeps both bands under a single network name. It gives you high speeds of up to 4,800Mbps on 5GHz and up to 1,200Mbps on 2.4GHz, combining to offer a theoretical speed of up to 6,000Mbps. That means smoother streaming, faster downloads, and low-lag online gaming. You may be interested in One of the best things about this router is that it works with any internet service provider (ISP) through a regular Ethernet connection. Whether you use JioFiber, Airtel, BSNL, or any other service, you can plug it in and use it. However, it only supports IP over DHCP, not PPPoE, so keep that in mind. Setting up the router is very easy. You just plug it in and follow the steps on the JioHome app, which is available on both Android and iOS devices. You don't need to be a tech expert to get it working. The router can cover up to 2,000 square feet on its own, making it great for large houses. It also supports more than 100 devices at the same time. So, whether you're using smart bulbs, security cameras, or streaming on multiple TVs, this router can handle it all. It also includes Jio's True AI Mesh feature. If you add more AX6000 routers, they work together to spread WiFi across your entire home seamlessly. The router uses a quad-core processor, MU-MIMO, and OFDMA to ensure stable and efficient internet for every connected device.
