What happened?
Kaspersky researchers discovered a new mobile malware campaign named “SparkKitty”, distributed through apps on both Apple’s App Store and Google Play. The malware aims to steal screenshots of crypto wallet seed phrases stored in users’ photo galleries on iOS and Android devices. It uses optical character recognition (OCR) to automatically scan images and extract sensitive crypto-related information from them.
Who does this affect?
SparkKitty primarily targets users in Southeast Asia and China through infected apps disguised as popular applications like TikTok mods, crypto portfolio trackers, gambling games, and adult content apps. These apps, which request access to photo galleries, have bypassed official app store security measures and have been downloaded thousands of times. Users who store their crypto wallet seed phrases as screenshots are particularly at risk.
Why does this matter?
This malware campaign poses a significant threat to the crypto market by potentially facilitating large-scale theft of cryptocurrency holdings. By compromising individual wallets through stolen seed phrases, attackers can gain unauthorized access to users’ crypto assets. Additionally, the malware could be used in broader schemes involving crypto mining operations, turning compromised devices into profit-generating machines for cybercriminals.