This malware steals screenshots from your device: Everything to know about SparkKitty

Indian Express, 5 hours ago

A newly identified mobile malware named SparkKitty is targeting smartphone users through fake applications, stealing images from their photo galleries, including screenshots. These screenshots could likely contain cryptocurrency wallet recovery phrases or other sensitive details. The Trojan has been detected on Android and iOS platforms, and experts warn it poses a serious risk to the growing number of people managing digital assets on their phones.
SparkKitty is classified as a Trojan, meaning it disguises itself as a genuine app but performs harmful actions in the background. Security researchers have found that it embeds itself in various fake apps, including crypto converters, messaging apps, and unofficial versions of the social media app TikTok. Some of these apps were even listed on official app stores before being taken down.
SparkKitty appears to be a mobile version of an earlier malware known as SparkCat, which targeted macOS and Windows systems a few years ago. Researchers at SecureList, a research wing of Kaspersky, found notable overlaps between the two malware families, suggesting a shift in attackers' tactics toward smartphones as users increasingly rely on them to store and manage financial information.
Once a user installs a fake app with SparkKitty embedded, it requests access to the phone's photo gallery. On Android, it scans all images using built-in tools to detect text within screenshots, especially those showing wallet recovery phrases or QR codes. On iPhones, the malware uses common coding libraries to bypass system restrictions and access stored photos and device information, as reported by cybersecurity firm Kaspersky, which originally discovered the malware.
The primary purpose of SparkKitty is to gain control of users' cryptocurrency wallets. Many people store their wallet seed phrases (phrases that store all the information needed to recover Bitcoin funds) as screenshots for convenience, unaware that these unprotected images can be easily accessed by malware. Once these images are stolen, attackers can use the information to recover the wallets and transfer out the funds without the user's knowledge.
Although the malware has mainly been found targeting users in Southeast Asia and China, cybersecurity experts caution that its distribution methods could allow it to spread globally. SparkKitty has been circulated through official platforms, like the Play Store and App Store, and through unofficial sources that offer pirated applications. Its use of misleading app names, convincing icons, and fake user reviews makes it difficult for average users to identify the threat.
To stay protected from SparkKitty and similar threats, users are advised not to store sensitive information like bank account details, passwords, and recovery information as screenshots. Instead, security experts recommend writing them down and storing them securely offline.
Apps should only be granted access to photos when absolutely necessary, and users should regularly review their app permissions. Suspicious apps, even those downloaded from your phone's official app store, should be removed, and devices should be kept updated with the latest security patches.
Tools like Google Play Protect or reputable mobile antivirus software can also help detect malicious activity.
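The permission review recommended above can be done in bulk on Android. The following is an added example, not part of the original article: it parses text modelled on the output of `adb shell dumpsys package` and lists the apps that currently hold a photo-read permission. The sample text and package names are constructed, and the exact line layout is an assumption about that output.

```python
import re

# Runtime permissions that let an Android app read the photo gallery.
PHOTO_PERMS = {"android.permission.READ_EXTERNAL_STORAGE",  # Android 12 and earlier
               "android.permission.READ_MEDIA_IMAGES"}      # Android 13 and later

# Constructed sample modelled on `adb shell dumpsys package` output.
# The package names are invented for this example.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.coinconverter] (1a2b3c4):
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_MEDIA_IMAGES
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=1234 installed=true hidden=false
      runtime permissions:
        android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
  Package [com.example.notes] (5d6e7f8):
    User 0: ceDataInode=5678 installed=true hidden=false
      runtime permissions:
        android.permission.READ_EXTERNAL_STORAGE: granted=false, flags=[ USER_SET ]
  Package [com.example.gallery] (9a0b1c2):
    User 0: ceDataInode=9012 installed=true hidden=false
      runtime permissions:
        android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ USER_SET ]
        android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
GRANT_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=(true|false)")

def apps_with_photo_access(dumpsys_text):
    """Return {package: sorted photo permissions} for apps where they are granted."""
    result, current = {}, None
    for line in dumpsys_text.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)  # start of a new package section
            continue
        g = GRANT_RE.match(line)
        if g and current and g.group(1) in PHOTO_PERMS and g.group(2) == "true":
            result.setdefault(current, set()).add(g.group(1))
    return {pkg: sorted(perms) for pkg, perms in result.items()}

if __name__ == "__main__":
    for pkg, perms in apps_with_photo_access(SAMPLE_DUMPSYS).items():
        print(pkg, "->", ", ".join(perms))
```

Any app in the result that has no obvious need for the gallery, such as a currency converter, is a candidate for having the permission revoked or the app removed.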
(This article has been curated by Arfan Jeelany, who is an intern with The Indian Express)
