Latest news with #SparkKitty
Forbes
18 hours ago
- Forbes
Android And iPhone Users Warned — This Malware Steals All Your Photos
Beware this photo-stealing iOS and Android malware. Your smartphone, be it an Apple iPhone or any of the myriad Android models, goes everywhere with you, knows everything about you, and puts you in the crosshairs of hackers worldwide. You've likely read about AI-powered threats that have led to the FBI advising all smartphone users to deploy a secret code if they take certain calls, and you will be aware of dangerous SMS text messages. Now, security researchers at Kaspersky have warned that a malicious new campaign has infiltrated both the Apple App Store and Google Play with malware that steals all your photos. All. Of. Them. Here's everything you need to know about the SparkKitty threat. How SparkKitty Targets Android And iPhone Devices Smartphone apps: you can't live without them, and neither can hackers. Earlier this year, I reported how researchers at Bitdefender had uncovered more than 300 malicious apps that had made their way into the Google Play App Store and were consequently downloaded 60 million times. No wonder 1 in 4 Americans think that someone is spying on their Android or iPhone smartphone. But threats aren't all about big numbers; just one malicious app can do a lot of costly damage. Researchers at Kaspersky have uncovered such an app, one that has made its way into both the official app stores, targeting Android and iPhone users in the most insidious way. 'We've once again come across a new type of spyware that has managed to infiltrate the official app stores,' Sergey Puzan and Dmitry Kalinin, malware analysts working at Kaspersky, said in a June 23 report. Rather worryingly, the threat campaign is known to have been active since at least February 2024, the report confirmed. Rather worrying is somewhat of an understatement when you realize that the SparkKitty malware will indiscriminately steal all the images from your smartphone photo gallery. Just let that sink in for a moment. The report revealed that the malware could be related to an earlier threat called SparkCat, which specifically targeted images of cryptocurrency wallet recovery 'seed' phrases stored on the infected phone. The apps have both been removed from the respective app stores at the time of writing. The apps were, Kaspersky has said, 币coin on the iPhone and SOEX on Android. If you have either on your smartphone, delete it immediately. A Google spokesperson said that the developer of the Android app has now been banned, and that "Android users are automatically protected against this app regardless of download source by Google Play Protect, which is on by default on Android devices with Google Play Services." I have reached out to Apple for a statement.
Tom's Guide
a day ago
- Tom's Guide
SparkKitty spyware caught stealing photos on iPhone and Android — and the reason might surprise you
Whether you use an iPhone or an Android phone, chances are, there's plenty of sensitive personal and financial information on your smartphone. While hackers have been known to go after your passwords, there's a new malware strain making the rounds online that also has your photo library in its sights. As reported by BleepingComputer, both the best iPhones and the best Android phones are currently being targeted in a new campaign that uses SparkKitty to steal all of the images of an infected device. According to the cybersecurity firm Kaspersky, this campaign has been active since February of last year. However, what sets it apart is the fact that the malware in question found its way onto both Apple's App Store and the Google Play Store. If you thought the hackers behind this campaign were after your selfies, think again. Instead, they're looking for screenshots of crypto wallet seed phrases. For those unfamiliar, these very important phrases are the only way you can regain access to a crypto wallet if you forget your password. With them in hand though, hackers can easily drain all of your digital currency and good luck trying to get it back. Here's everything you need to know about this new campaign along with some tips and tricks on how you can avoid having your Android phone or even your iPhone come down with a nasty malware infection. Just like with many other malware campaigns, this one uses malicious apps to establish a foothold on targeted devices before infecting them with SparkKitty. In its report on the matter, Kaspersky explains that the hackers behind this campaign used the SOEX messaging app which also has cryptocurrency exchange features to target Android users directly on the Google Play Store. Meanwhile, on iPhone, they used the 币coin app on Apple's App Store to achieve the same thing. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. While Google has already removed the SOEX app from the Play Store, at the time of writing, the 币coin app is still up on the App Store and has yet to be removed by Apple. Either way, if you downloaded either of these apps, you should manually delete them right now. At the same time, Kaspersky also found modded TikTok clones with fake online cryptocurrency stores as well as gambling apps, adult-themed games and casino apps distributing the SparkKitty malware. However, instead of being available on an official app store, these apps had to be sideloaded. SparkKitty is embedded as fake frameworks or delivered via enterprise provisioning profiles on iOS whereas on Android, the malware is embedded in both Java and Kotlin apps. On an iPhone, the malware is automatically executed when an app starts but on Android, it's triggered when an app launches or when a specific action like opening a certain screen type takes place. To gain access to a victim's photo library, SparkKitty requests access to an iPhone's photo gallery but on Android, the malicious app used to install the malware prompts the user to grant storage permissions so that it can access any images stored on their device. Either way, once installed, the malware begins exfiltrating both existing pictures and any new ones taken on an infected phone. From there, the malware goes through all of these stolen images, specifically looking for screenshots of crypto wallet seed phrases. When you sign up for a new crypto wallet or exchange, you're given a seed phrase and told to write it down to store it for safekeeping. Although taking a screenshot seems like a fast and practical way to do this, this campaign and others like it show just how dangerous doing this can be. This is why old-fashioned paper and pen is the best way to store your seed phrases. However, you should also store them under lock and key to protect them further. Although you can end up with a malware infection from clicking on malicious links, downloading email attachments from unknown senders and through piracy, one of the most common ways is via malicious apps either on official or unofficial app stores. For this reason, you need to be extremely careful when putting any new app on your iPhone or Android phone. You want to make sure that you read an app's reviews and check its rating but since these can be faked, you also want to look for external reviews on other sites. If you can find one, video reviews are an even better option since you get to see an app in action before installing it. It's also worth noting that even good apps can go bad when injected with malicious code which is why I always recommend limiting the number of apps you have installed on your devices. With fewer apps installed, there's less of a risk that you downloaded a malicious one or that a legitimate app has been hijacked by hackers. Before downloading any new app, you first want to ask yourself if you really need it. It's likely one of your existing apps or even your phone's operating system is able to accomplish the same thing. I always recommend limiting the number of apps you have installed on your devices. With fewer apps installed, there's less of a risk that you downloaded a malicious one. Additionally, you also want to stick to trusted and well-known apps when possible and for most people, you should never sideload any app onto your phone. The reason being is that the apps on Apple's App Store and the Google Play Store go through rigorous security checks that both sideloaded apps and those from unofficial app stores don't. Bad apps do manage to slip through the cracks from time to time. However, if you aren't carelessly downloading new ones, you'll be far less likely to accidentally install a malicious app. As for staying safe from mobile malware, if you have an Android phone, you want to make sure that Google Play Protect is enabled on your devices. This free and built-in security app scans all of your existing apps and any new ones you download for malware or other malicious activity to keep you safe. For extra protection though, you might also want to consider running one of the best Android antivirus apps alongside it. While there's no equivalent to these Android antivirus apps due to Apple's own malware scanning restrictions, the best Mac antivirus software from Intego is able to scan both your iPhone or iPad for malware but they have to be plugged into a Mac via USB cable to do so. Malicious apps aren't going anywhere anytime soon given how successful they've been for hackers in malware campaigns like the one described above. However, if you think before you tap and limit the number of apps on your phone overall, your chances of ending up with a malware infection after downloading a malicious app will be a lot lower. Likewise, you also want to make sure that you talk to both your younger and older family members and friends about the risks posed by malicious apps in order to keep everyone you know safe from hackers.
