Bad actors constantly go after every piece of personal information they can get, from your phone number to your government ID. Now, a new threat targets both Android and iPhone users: SparkKitty, a powerful mobile malware strain that scans private photos to steal cryptocurrency recovery phrases and other sensitive data.
Sign up for my free cyber report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. In addition, you will get immediate access to my Ultimate Scam Survival Guide when you join at Cyberguy.com/newsletter.
What is SparkKitty mobile malware?
Researchers at cybersecurity firm Kaspersky recently identified SparkKitty. This malware appears to be a successor to SparkCat, a campaign first reported earlier this year that used optical character recognition (OCR) to extract sensitive data from images, including crypto recovery phrases.
SparkKitty also goes beyond SparkCat. According to Kaspersky, SparkKitty uploads images from an infected phone indiscriminately. This strategy exposes not only wallet data, but also any personal or sensitive photos stored on the device. While the main target appears to be crypto seed phrases, criminals may use other images for extortion or other malicious purposes.
Kaspersky researchers reported that SparkKitty has been active since at least February 2024. The attackers distributed it through both official and unofficial channels, including Google Play and the Apple App Store.
How SparkKitty malware infects Android and iPhone devices
Kaspersky found SparkKitty embedded in several apps, including one called Coin on iOS and another called SOEX on Android. Both apps are no longer available in their respective stores. SOEX, a messaging app with cryptocurrency-related features, reached more than 10,000 downloads from the Google Play Store before it was removed.
On iOS, the attackers distribute the malware through fake software frameworks or enterprise provisioning profiles, which are often disguised as legitimate components. Once installed, SparkKitty uses a method native to Apple's Objective-C programming language to run as soon as the app is launched. It checks the app's internal configuration files to decide whether to execute, then quietly accesses the user's photo library.
On Android, SparkKitty hides in apps written in Java or Kotlin and sometimes uses malicious Xposed or LSPosed modules. It becomes active when the app is launched or after a specific screen is opened. The malware then decrypts a configuration file from a remote server and begins to upload images, device metadata and identifiers.
Why SparkKitty is more dangerous than previous malware
Unlike traditional spyware, SparkKitty focuses on photos, especially those containing cryptocurrency recovery phrases, wallet screenshots, IDs or sensitive documents. Instead of only monitoring activity, SparkKitty uploads pictures in bulk. This approach makes it easy for criminals to sift through the images and extract valuable personal data.
4 ways to protect your phone from SparkKitty mobile malware
1) Stick to reliable developers: Avoid downloading obscure apps, especially if they have few reviews or downloads. Always check the name and history of the developer before installing anything.
2) Review app permissions: Be cautious with apps that request access to your photos, messages or files without a clear reason. If something feels off, deny the permission or uninstall the app.
3) Keep your device updated: Install system and security updates as soon as they are available. These updates often patch vulnerabilities that malware can exploit.
4) Use mobile security software: The best way to protect yourself from malicious software is to install strong antivirus software on all your devices. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com/Lockupyourtch.
Kurt's key takeaway
Both Apple and Google removed the known apps after being alerted, but questions remain about how SparkKitty bypassed their app review processes in the first place. As app stores grow in both volume and complexity, the tools used to screen apps will need to evolve at the same pace. Otherwise, incidents like this will keep slipping through the cracks.
Do you think Google and Apple are doing enough to protect users from mobile malware and evolving security threats? Write to us and tell us at Cyberguy.com/Contact.
Copyright 2025 cyberguy.com. All rights reserved.