This malware steals screenshots from your device: Everything to know about SparkKitty
A newly identified mobile malware named SparkKitty is targeting smartphone users through fake applications, stealing images from their photo galleries, including screenshots. These screenshots may contain cryptocurrency wallet recovery phrases or other sensitive details. The Trojan has been detected on Android and iOS platforms, and experts warn it poses a serious risk to the growing number of people managing digital assets on their phones.
SparkKitty is classified as a Trojan virus, meaning it disguises itself as a genuine app but performs harmful actions in the background. Security researchers have found that it embeds itself in various fake apps, including crypto converters, messaging apps, and unofficial versions of the social media app TikTok. Some of these apps were even listed on official app stores before being taken down.
SparkKitty appears to be a mobile version of an earlier malware known as SparkCat, which targeted macOS and Windows systems a few years ago. Researchers at SecureList, a research wing of Kaspersky, found notable overlaps between the two malware families. This suggests a shift in attackers' tactics toward smartphones, as users increasingly rely on them to store and manage financial information.
Once a user installs a fake app with SparkKitty embedded, it requests access to the phone's photo gallery. On Android, it scans all images using built-in tools to detect text within screenshots, especially those showing wallet recovery phrases or QR codes. On iPhones, the malware uses common coding libraries to bypass system restrictions and access stored photos and device information, as reported by cybersecurity firm Kaspersky, which originally discovered the virus.
The primary purpose of SparkKitty is to gain control of users' cryptocurrency wallets. Many people store their wallet seed phrases (phrases that store all the information needed to recover Bitcoin funds) as screenshots for convenience, unaware that these unprotected images can be easily accessed by malware. Once these images are stolen, attackers can use the information to recover the wallets and transfer out the funds without the user's knowledge.
Although the malware has mainly been found targeting users in Southeast Asia and China, cybersecurity experts caution that its distribution methods could allow it to spread globally. SparkKitty has been circulated through both official platforms, like the Play Store and App Store, and unofficial sources that offer pirated applications. Its use of misleading app names, convincing icons, and fake user reviews makes it difficult for average users to identify the threat.
To stay protected from SparkKitty and similar threats, users are advised not to store sensitive information like bank account details, passwords, and recovery information as screenshots. Instead, security experts recommend writing them down and storing them securely offline.
Apps should only be granted access to photos when absolutely necessary, and users should regularly review their app permissions. Suspicious apps, even those downloaded from your phone's official app store, should be removed, and devices should be kept updated with the latest security patches.
Tools like Google Play Protect or reputable mobile antivirus software can also help detect malicious activity.
(This article has been curated by Arfan Jeelany, who is an intern with The Indian Express)