Latest news with #SparkCat


Techday NZ
04-08-2025
- Techday NZ
CrowdStrike report warns of GenAI driving surge in cyberattacks
CrowdStrike has released its 2025 Threat Hunting Report detailing how adversaries are using generative AI (GenAI) to enhance and scale cyberattacks, with a particular focus on emerging threats to autonomous AI systems within enterprises. The report draws on intelligence from CrowdStrike's team of threat hunters and analysts, surveying attacks by over 265 known adversary groups. The findings highlight how attack vectors are evolving with increased automation and use of AI, as well as the targeting of AI-driven systems themselves.

AI-powered attacks

According to the report, GenAI-built malware is now operational, with lower-tier cybercriminals and hacktivist groups using AI to generate scripts, troubleshoot technical issues, and develop new forms of malware. Early examples cited include Funklocker and SparkCat, which underscore how the barrier to entry for sophisticated cybercrime has been lowered. China-linked adversaries have driven a significant increase in attacks on cloud infrastructure, accounting for 40% of a 136% rise in such incidents during the first half of 2025. The report notes that actors like GENESIS PANDA and MURKY PANDA exploited cloud misconfigurations and access privileges to carry out attacks, while GLACIAL PANDA focused on embedding itself in telecommunications networks, leading to a 130% year-over-year surge in nation-state activity in that sector.

Accelerating social engineering

Beyond technical exploits, the report outlines how AI is being leveraged to automate social engineering campaigns. FAMOUS CHOLLIMA, a North Korea-linked group, used GenAI to generate fraudulent résumés, create deepfake videos for interviews, and complete technical assignments under assumed identities. This group reportedly infiltrated more than 320 companies worldwide, a 220% year-over-year increase. The report also references Russia-linked EMBER BEAR's amplification of pro-Russia narratives and Iran-linked CHARMING KITTEN's deployment of phishing emails crafted with large language models targeting US and EU organisations.

AI agents: A new target

The rise of agentic AI, autonomous AI agents handling key business workflows, has created new opportunities for attackers. Several threat actors have reportedly exploited vulnerabilities in the tools used to build and manage these agents. Access was gained through unauthenticated channels, followed by credential harvesting, malware deployment, and ransomware installation. According to CrowdStrike, this marks the emergence of AI systems, and the identities they use, as a key part of the enterprise attack surface.

"The AI era has redefined how businesses operate, and how adversaries attack. We're seeing threat actors use GenAI to scale social engineering, accelerate operations, and lower the barrier to entry for hands-on-keyboard intrusions. At the same time, adversaries are targeting the very AI systems organizations are deploying. Every AI agent is a superhuman identity: autonomous, fast, and deeply integrated, making them high-value targets. Adversaries are treating these agents like infrastructure, attacking them the same way they target SaaS platforms, cloud consoles, and privileged accounts. Securing the AI that powers business is where the cyber battleground is evolving," said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike.

Trend observations

The report also highlights the resurgence of the SCATTERED SPIDER group, which has accelerated its use of identity-based attacks across multiple domains. The group's tactics in 2025 included phone-based social engineering (vishing) and impersonation of help desk personnel to reset credentials, bypass multi-factor authentication, and deploy ransomware less than 24 hours after gaining initial access.

CrowdStrike's data shows a clear trend of increased adversary sophistication with the use of AI-enabled tools, not only for direct attacks but also for the exploitation of cloud, SaaS, and AI agent infrastructure. This shift is rapidly transforming both the methods and preferred targets of cybercriminal and nation-state actors. The report suggests that as enterprises further integrate AI agents into their operations, additional security measures are required to safeguard these autonomous, non-human identities and workflows from being compromised or manipulated.


Fox News
01-07-2025
- Fox News
SparkKitty mobile malware targets Android and iPhone
Bad actors constantly seek every bit of personal information they can get, from your phone number to your government ID. Now, a new threat targets both Android and iPhone users: SparkKitty, a mobile malware strain that scans private photos to steal cryptocurrency recovery phrases and other sensitive data.

Researchers at cybersecurity firm Kaspersky recently identified SparkKitty. This malware appears to succeed SparkCat, a campaign first reported earlier this year that used optical character recognition (OCR) to extract sensitive data from images, including crypto recovery phrases. SparkKitty goes further than SparkCat: according to Kaspersky, it uploads images from infected phones indiscriminately. This exposes not just wallet data but any personal or sensitive photo stored on the device. While the main target appears to be crypto seed phrases, criminals could use other images for extortion or other malicious purposes.

Kaspersky researchers report that SparkKitty has operated since at least February 2024. Attackers distributed it through both official and unofficial channels, including Google Play and the Apple App Store. Kaspersky found SparkKitty embedded in several apps, including one called 币coin on iOS and another called SOEX on Android; both have since been removed from their stores. SOEX, a messaging app with cryptocurrency-related features, reached more than 10,000 downloads on Google Play before its removal. On iOS, attackers deliver the malware inside modified third-party frameworks or via enterprise provisioning profiles, disguised as legitimate components.

Once installed, SparkKitty uses an Objective-C +load method, which the runtime calls as soon as the class is loaded, so the malicious code runs at app launch without any call from the app's own code. It checks the app's internal configuration files to decide whether to execute, then quietly starts monitoring the user's photo library. On Android, SparkKitty hides in apps written in Java or Kotlin and sometimes uses malicious Xposed or LSPosed modules. It activates when the app launches or after a specific screen opens. The malware then decrypts a configuration file fetched from a remote server and begins uploading images, device metadata, and identifiers. Unlike traditional spyware, SparkKitty focuses on photos, especially those containing cryptocurrency recovery phrases, wallet screenshots, IDs, or sensitive documents. Rather than watching activity, it uploads images in bulk, which makes it easy for criminals to sift through and extract valuable personal data.

1) Stick to trusted developers: Avoid downloading obscure apps, especially if they have few reviews or downloads. Always check the developer's name and history before installing anything.

2) Review app permissions: Be cautious of apps that request access to your photos, messages, or files without a clear reason. If something feels off, deny the permission or uninstall the app. Both iOS and recent Android versions let you grant an app access to selected photos instead of the whole library; use that option for apps that have no need for everything.

3) Keep your device updated: Install system and security updates as soon as they are available. These updates often patch vulnerabilities that malware can exploit.

4) Use mobile security software: Reputable antivirus software on all your devices adds a second check for malicious apps that slip past store review.

Both Apple and Google removed the identified apps after being alerted, but questions remain about how SparkKitty bypassed their app review processes in the first place. As app stores grow, both in volume and complexity, the tools used to screen them will need to evolve at the same pace. Otherwise, incidents like this one will continue to slip through the cracks.
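The Android markers this article describes (a permission that opens the whole photo library, plus an Xposed/LSPosed module as the hook entry point) can be checked statically before an app is installed. The following Python script is an added example, not code from Kaspersky or the article: it opens an APK as the zip archive it is, looks for the Xposed module markers (the assets/xposed_init hook-class list and the xposedmodule/xposedminversion meta-data entries) and for photo-access permissions, and lists native libraries for follow-up. It assumes the manifest is already plain-text XML; a real APK stores AndroidManifest.xml as binary XML, so decode it first with apktool or androguard. The sample APK it builds, including the package, class and library names, is constructed.

```python
"""Static triage of an APK for SparkKitty-style Android indicators.

Added example, not code from Kaspersky or the article. Assumes the manifest
is already plain-text XML (real APKs need apktool/androguard to decode it).
"""
import io
import re
import zipfile
from dataclasses import dataclass, field

# Permissions that give an app access to the whole photo library.
PHOTO_PERMISSIONS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_IMAGES",
    "android.permission.MANAGE_EXTERNAL_STORAGE",
}
# Markers of an Xposed/LSPosed module: a hook-class list in assets/xposed_init
# and xposedmodule / xposedminversion meta-data entries in the manifest.
XPOSED_INIT = "assets/xposed_init"
XPOSED_META = re.compile(r'android:name="xposed(?:module|minversion)"')
PERMISSION = re.compile(r'<uses-permission[^>]*android:name="([^"]+)"')


@dataclass
class TriageResult:
    photo_permissions: set = field(default_factory=set)
    xposed_module: bool = False
    hook_classes: list = field(default_factory=list)
    native_libs: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Photo access combined with an Xposed hook entry point is the pairing
        # described for SparkKitty's Android variant; either alone is common.
        return bool(self.photo_permissions) and self.xposed_module


def triage_apk(apk_bytes: bytes) -> TriageResult:
    """Inspect an APK (a zip archive) without installing or running it."""
    result = TriageResult()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = set(apk.namelist())
        manifest = apk.read("AndroidManifest.xml").decode("utf-8", "replace")
        for perm in PERMISSION.findall(manifest):
            if perm in PHOTO_PERMISSIONS:
                result.photo_permissions.add(perm)
        if XPOSED_META.search(manifest):
            result.xposed_module = True
        if XPOSED_INIT in names:
            result.xposed_module = True
            init = apk.read(XPOSED_INIT).decode("utf-8", "replace")
            result.hook_classes = [ln.strip() for ln in init.splitlines() if ln.strip()]
        # Native libraries are worth listing: OCR engines and packers live here.
        result.native_libs = sorted(
            n for n in names if n.startswith("lib/") and n.endswith(".so")
        )
    return result


def build_sample_apk(with_xposed: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like an APK (hypothetical names)."""
    manifest = (
        '<manifest package="com.example.cryptochat">'
        '<uses-permission android:name="android.permission.INTERNET"/>'
        '<uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>'
        '<application>'
        + ('<meta-data android:name="xposedmodule" android:value="true"/>'
           if with_xposed else '')
        + '</application></manifest>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("AndroidManifest.xml", manifest)
        apk.writestr("classes.dex", b"dex\n035\x00")
        apk.writestr("lib/arm64-v8a/libocr.so", b"\x7fELF")
        if with_xposed:
            apk.writestr(XPOSED_INIT, "com.example.cryptochat.hook.GalleryHook\n")
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (True, False):
        r = triage_apk(build_sample_apk(flag))
        print(f"xposed={flag}: suspicious={r.suspicious} "
              f"perms={sorted(r.photo_permissions)} hooks={r.hook_classes} "
              f"libs={r.native_libs}")
```

The verdict deliberately requires both signals. Plenty of legitimate apps read the photo library, and a standalone Xposed module is not malware by itself, but a wallet or messaging app that carries a hook entry point and asks for the whole gallery is worth pulling apart before it ships to a fleet.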


Indian Express
26-06-2025
- Indian Express
This malware steals screenshots from your device: Everything to know about SparkKitty
A newly identified mobile malware named SparkKitty is targeting smartphone users through fake applications, stealing images from their photo galleries, including screenshots. Those screenshots may contain cryptocurrency wallet recovery phrases or other sensitive details. The Trojan has been detected on Android and iOS, and experts warn it poses a serious risk to the growing number of people managing digital assets on their phones.

SparkKitty is classified as a Trojan, meaning it disguises itself as a genuine app but performs harmful actions in the background. Security researchers have found it embedded in various fake apps, including crypto converters, messaging apps, and unofficial versions of the social media app TikTok. Some of these apps were listed on official app stores before being taken down.

SparkKitty appears to be a successor to an earlier malware known as SparkCat, which Kaspersky reported earlier this year and which used optical character recognition (OCR) to pull wallet recovery phrases out of images on Android and iOS. Researchers at Securelist, Kaspersky's research blog, found notable overlaps between the two, suggesting the attackers are refining their tactics as users increasingly rely on smartphones to store and manage financial information.

Once a user installs a fake app with SparkKitty embedded, it requests access to the phone's photo gallery. On Android, it scans images with on-device text recognition to pick out screenshots containing text, especially wallet recovery phrases or QR codes. On iPhones, the malware ships inside modified copies of common third-party libraries and, once the user grants photo access, reads stored photos and device information, as reported by Kaspersky, which originally discovered the malware. The primary purpose of SparkKitty is to take over users' cryptocurrency wallets.

Many people store their wallet seed phrases (the list of words that holds everything needed to recover a cryptocurrency wallet) as screenshots for convenience, unaware that these unprotected images can be read by any app with gallery access. Once these images are stolen, attackers can use the phrase to restore the wallet on their own device and transfer out the funds without the user's knowledge. Although the malware has mainly been found targeting users in Southeast Asia and China, cybersecurity experts caution that its distribution methods could allow it to spread globally. SparkKitty has been circulated through official platforms, like the Play Store and App Store, as well as unofficial sources that offer pirated applications. Its use of misleading app names, convincing icons, and fake user reviews makes it difficult for average users to identify the threat.

To stay protected from SparkKitty and similar threats, users are advised not to store sensitive information like bank account details, passwords, and recovery phrases as screenshots. Instead, security experts recommend writing them down and storing them securely offline. Apps should only be granted access to photos when absolutely necessary, and users should regularly review their app permissions. Suspicious apps, even those downloaded from your phone's official app store, should be removed, and devices should be kept updated with the latest security patches. Tools like Google Play Protect or reputable mobile antivirus software can also help detect malicious activity. (This article has been curated by Arfan Jeelany, who is an intern with The Indian Express)


Scottish Sun
24-06-2025
- Scottish Sun
Urgent warning to delete two dangerous apps that STEAL all your private photos and blackmail you for money
The stolen data could also be used for other malicious purposes, like extortion, if the images contain sensitive content.

TWO dangerous apps have been banned for stealing the private photos of those who install them, allowing hackers to later blackmail victims. While the apps have since been removed from Google Play and the Apple App Store, cybersecurity researchers have warned that TikTok clone apps may also be carrying out the same attack.

Our smartphone camera rolls usually contain thousands of photos and screenshots, some of which could be used against you, cybersecurity researchers at Kaspersky have warned. This could be anything from bank statements, card details, photo ID and security code screenshots to private photos you'd rather keep to yourself.

The apps are thought to be embedded with a new strain of SparkCat malware, which Kaspersky discovered in January. The software, which targets iPhone and Android devices, uses optical character recognition (OCR) to read the text out of stolen images, giving hackers eyes inside your phone. Hackers are mostly using the malware to steal cryptocurrency wallet recovery phrases from images saved on infected devices. But, as Bleeping Computer noted, the stolen data could also be used for other malicious purposes, like extortion, if the images contain sensitive content.

Dangerous apps

The apps used to spread the malware are currency app 币coin on the Apple App Store and instant messenger SOEX on Google Play. SOEX, which also has some cryptocurrency exchange features, has been downloaded over 10,000 times from Android's official app store, according to Bleeping Computer. It's unclear how many people have installed 币coin.

Once installed, the 币coin iOS app immediately requests access to the photo gallery, while SOEX on Android requests storage permissions to access images. It is important to always check what you are agreeing to when apps request permission to access the data on your device. If users grant the iOS app permission, the malware silently monitors the gallery for changes and steals any new images. On Android, the malware takes images straight from the photo gallery, along with device identifiers and metadata, and sends them to the attackers' server. Some versions of the malware, named SparkKitty, only hunt for screenshots and images containing text, suggesting they are looking for passwords and security codes. But there remains the risk of sextortion over intimate images, or other forms of blackmail.

If you have downloaded one of the infected apps, delete it immediately. While the dangerous apps managed to evade Apple's and Google's review to get onto the official stores, it is still important to download apps only through these channels. The photo-stealing malware, according to researchers, is even more rampant on unofficial channels, in the form of TikTok clones, adult-themed games and gambling and casino apps.

How to spot a dodgy app

Detecting a malicious app before you hit the 'Download' button is easier when you know the signs. Run through this eight-point checklist when you're unsure about an app:

- Check the reviews - be wary of both complaints and uniformly positive reviews from fake accounts.
- Look out for grammar mistakes - legitimate developers rarely leave typos or machine-translated text in their app descriptions.
- Check the number of downloads - a low count is a weak signal on its own (SOEX reached 10,000 installs before it was removed), but a brand-new app with few installs and no track record deserves extra caution.
- Research the developer - do they have a good reputation, or no track record at all?
- Check the release date - a recent release date paired with a high number of downloads is a warning sign.
- Review the permissions - fake apps often ask for data they have no need for, such as the whole photo library for a currency converter.
- Check the update history - an app that hasn't been updated for years, or whose updates come with no release notes, deserves a closer look; frequent updates on their own are not a red flag.
- Check the icon - look closely, and don't be deceived by distorted, lower-quality copies of the icons of legitimate apps.

All of this information is available in both Apple's App Store and the Google Play Store.
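The behaviour this article describes (once photo access is granted, images are pulled from the gallery and sent to the attackers together with device identifiers and metadata) shows up on a managed network as a burst of image uploads from one app to one host. The following Python script is an added example, not code from Kaspersky or the article: it counts image POSTs per (app, host) pair in a sliding time window over constructed proxy log lines and flags any pair that reaches a threshold within a minute. The log format, app ids and hostnames are assumptions; the allowlist exists because photo backup apps produce the same pattern legitimately.

```python
"""Flag apps that bulk-upload images to a single host.

Added example, not code from Kaspersky or the article. The proxy-log format,
app ids and hostnames below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines: timestamp, app id, destination host, HTTP method,
# request Content-Type, request body bytes. Not real SparkKitty traffic.
SAMPLE_LOG = """\
2025-06-20T10:00:01Z com.example.cryptochat api.example-upload.test POST image/jpeg 241233
2025-06-20T10:00:03Z com.example.cryptochat api.example-upload.test POST image/jpeg 198711
2025-06-20T10:00:04Z com.example.cryptochat api.example-upload.test POST image/png 88214
2025-06-20T10:00:06Z com.example.cryptochat api.example-upload.test POST multipart/form-data 310040
2025-06-20T10:00:09Z com.example.cryptochat api.example-upload.test POST image/jpeg 275501
2025-06-20T10:00:12Z com.example.cryptochat api.example-upload.test GET application/json 0
2025-06-20T10:01:00Z com.example.photobackup sync.example-cloud.test POST image/jpeg 401000
2025-06-20T10:30:00Z com.example.photobackup sync.example-cloud.test POST image/jpeg 398000
"""

WINDOW = timedelta(seconds=60)   # burst window
THRESHOLD = 5                    # image uploads inside the window that trigger an alert


def parse_line(line: str) -> dict:
    ts, app, host, method, ctype, size = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "app": app, "host": host, "method": method,
        "ctype": ctype, "size": int(size),
    }


def is_image_upload(rec: dict) -> bool:
    # Bulk photo theft shows up as POSTed image bodies; many clients wrap them
    # in multipart/form-data, so count that too.
    return rec["method"] == "POST" and (
        rec["ctype"].startswith("image/") or rec["ctype"].startswith("multipart/")
    )


def find_bulk_image_uploads(log_text: str, window=WINDOW, threshold=THRESHOLD,
                            allowlist=frozenset()) -> list:
    """Return one alert per (app, host) whose image POSTs reach `threshold`
    inside a sliding window of length `window`. Known backup/sync apps should
    be allowlisted by package id; they are the main benign source of this pattern."""
    uploads = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["app"] in allowlist or not is_image_upload(rec):
            continue
        uploads[(rec["app"], rec["host"])].append((rec["ts"], rec["size"]))

    alerts = []
    for (app, host), events in uploads.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts.append({
                    "app": app, "host": host, "count": count,
                    "bytes": sum(size for _, size in events[start:end + 1]),
                    "first": events[start][0], "last": events[end][0],
                })
                break   # one alert per pair is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in find_bulk_image_uploads(SAMPLE_LOG):
        print(f"{alert['app']} -> {alert['host']}: {alert['count']} image uploads, "
              f"{alert['bytes']} bytes between {alert['first']} and {alert['last']}")
```

On the constructed log the messaging app trips the rule with five uploads in eight seconds, while the backup app's two uploads half an hour apart do not. Tune the window and threshold to the environment: a short window catches the "upload everything right after permission is granted" burst, and a longer one with a higher threshold catches the slower drip of new photos being stolen as they are taken.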


The Irish Sun
24-06-2025
- The Irish Sun
Urgent warning to delete two dangerous apps that STEAL all your private photos and blackmail you for money