SparkKitty mobile malware targets Android and iPhone



Bad actors keep looking for all the personal information they can get, from your phone number to your government ID. Now, a new threat targets Android and iPhone users: SparkKitty, a powerful mobile malware strain that scans private photos to steal cryptocurrency recovery phrases and other sensitive data.

A new threat targets Android and iPhone users. (Apple)

What is SparkKitty mobile malware?

Researchers at cybersecurity company Kaspersky recently identified SparkKitty. The malware appears to be a successor to SparkCat, a campaign first reported earlier this year that used optical character recognition (OCR) to extract sensitive data from images, including cryptocurrency recovery phrases.

SparkKitty goes further than SparkCat. According to Kaspersky, SparkKitty uploaded images from infected phones indiscriminately. This strategy exposes not only wallet data but also any personal or sensitive photos stored on the device. Although the main target appears to be cryptocurrency seed phrases, criminals can use other images for ransomware or other malicious purposes.

Kaspersky researchers report that SparkKitty has been in operation since at least February 2024. The attackers distributed it through official and unofficial channels, including Google Play and the Apple App Store.

SparkKitty uploaded images from infected phones indiscriminately. (Kurt “CyberGuy” Knutsson)

How SparkKitty malware infects Android and iPhone devices

Kaspersky discovered that SparkKitty was embedded in multiple applications, including one called a coin on iOS and another called SOEX on Android. Both apps are no longer available in their respective stores. SOEX is a messaging app with cryptocurrency-related features that was downloaded more than 10,000 times from the Google Play Store before it was removed.

On iOS, attackers deliver the malware through fake software frameworks or enterprise provisioning profiles, often masquerading as legitimate components. After installation, SparkKitty uses a method native to Apple's Objective-C programming language to run as soon as the application starts. It checks the application's internal configuration file to decide whether to execute, and then quietly starts monitoring the user's photo library.

On Android, SparkKitty is hidden in applications written in Java or Kotlin, sometimes using malicious Xposed or LSPosed modules. It activates when the application starts or when a specific screen opens. The malware then decrypts a configuration file from a remote server and starts uploading images, device metadata, and identifiers.

On iOS, attackers deliver malware through fake software frameworks or enterprise provisioning profiles. (Apple)

Why SparkKitty is more dangerous than previous malware

Unlike traditional spyware, SparkKitty focuses on photos, especially those that contain cryptocurrency recovery phrases, wallet screenshots, IDs, or sensitive documents. SparkKitty does not just monitor activity; it uploads images in bulk. This approach makes it easy for criminals to sift through the images and extract valuable personal data.

4 ways to protect your phone from SparkKitty mobile malware

1) Stick to trustworthy developers: Avoid downloading obscure apps, especially when they have few reviews or downloads. Always check the developer's name and history before installing anything.

2) Review application permissions: Be cautious of apps that ask for access to your photos, messages or files without a clear reason. If something feels off, deny the permission or uninstall the application.

3) Keep the device updated: Install system and security updates as soon as they are available. These updates usually fix vulnerabilities that malware can exploit.

4) Use mobile security software: The best way to protect yourself from malware is to install strong antivirus software on all devices. Find the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at cyberguy.com/lockupyourtech.
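The permission review in tip 2 can be done in bulk on Android. The following is an added example, not code from the article or from Kaspersky: it parses text in the layout printed by `adb shell dumpsys package` and lists non-system apps that currently hold a photo-read permission. The sample dump and its package names are constructed, and the layout is a simplified assumption, since real output varies by Android version.

```python
import re

# Runtime permissions that expose the photo library to an app (real Android names).
PHOTO_PERMS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_IMAGES",
}

# Constructed sample modeled on `adb shell dumpsys package`; package names are hypothetical.
SAMPLE_DUMP = """\
Package [com.example.chatwallet] (1a2b3c):
  userId=10234
  pkgFlags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ]
  runtime permissions:
    android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
    android.permission.CAMERA: granted=false, flags=[ USER_SET ]
Package [com.example.flashlight] (4d5e6f):
  userId=10240
  pkgFlags=[ HAS_CODE ]
  runtime permissions:
    android.permission.READ_EXTERNAL_STORAGE: granted=false
Package [com.android.gallery3d] (7a8b9c):
  userId=10050
  pkgFlags=[ SYSTEM HAS_CODE ]
  runtime permissions:
    android.permission.READ_EXTERNAL_STORAGE: granted=true
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
FLAGS_RE = re.compile(r"^\s*(?:pkgFlags|flags)=\[(.*)\]")  # package-level flags line
PERM_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=(true|false)")

def apps_with_photo_access(dump, include_system=False):
    """Return {package: sorted granted photo permissions} for apps worth reviewing."""
    found, system, pkg = {}, set(), None
    for line in dump.splitlines():
        if m := PKG_RE.match(line):
            pkg = m.group(1)
        elif pkg and (m := FLAGS_RE.match(line)):
            if "SYSTEM" in m.group(1).split():
                system.add(pkg)  # preinstalled app, hidden unless requested
        elif pkg and (m := PERM_RE.match(line)):
            if m.group(1) in PHOTO_PERMS and m.group(2) == "true":
                found.setdefault(pkg, set()).add(m.group(1))
    return {p: sorted(v) for p, v in found.items()
            if include_system or p not in system}

if __name__ == "__main__":
    for pkg, perms in apps_with_photo_access(SAMPLE_DUMP).items():
        print(pkg, ", ".join(perms))
```

Any app in the result that has no obvious need for the photo library is a candidate for revoking the permission or uninstalling.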

Kurt’s key points

Both Apple and Google removed the identified apps after being alerted, but questions remain about how SparkKitty bypassed their app review processes in the first place. As app stores grow in volume and complexity, the tools used to screen them will need to evolve at the same rate. Otherwise, such incidents will continue to slip through the cracks.

Do you think Google and Apple are doing enough to protect users from mobile malware and evolving security threats? Let us know by writing to us at cyberguy.com/contact.


Copyright 2025 CyberGuy.com. All rights reserved.


