- Malware-ridden apps sneak into official app stores
- SparkKitty steals photos to crack into your crypto wallet
- An infected app was downloaded over 10,000 times
A dangerous new malware strain targeting smartphone users has managed to sneak into both the Google Play Store and the Apple App Store without being discovered, experts have warned.
SparkKitty was first spotted by cybersecurity experts at Kaspersky in January 2025 and uses optical character recognition to scan through your photos and harvest cryptocurrency wallet recovery phrases.
Most cryptocurrency exchanges will ask a user to write down a memorable phrase when creating an account for recovery purposes, but many users will simply screenshot their memorable phrase, making it super easy for SparkKitty to steal.
Snooping through photos and stealing crypto
Kaspersky says the SparkKitty malware has been actively distributed through both the Google Play Store and the Apple App Store since February 2024, and has also been distributed through unofficial channels.
The infected apps have since been removed from both app stores.
In many cases, the apps appeared legitimate and were designed for several purposes. An infected app called SOEX was downloaded over 10,000 times in the Google Play Store and seemed to be a messaging app with cryptocurrency and exchange features, the perfect disguise for malware designed to target cryptocurrency wallets.
Once the app is installed on a user’s device, it asks for permission to access and change the image library on both iOS and Android devices. After gaining access, the app scans the photo library, and it scans again whenever it detects changes to the library, such as images being added or deleted.
Beyond the threat to crypto wallets, there is of course the threat that users are extorted using other images found in their photo library, but there is no evidence so far that this is happening.
Hackers are constantly developing new tactics to hide their malware in applications that can be distributed through reliable platforms such as the Apple App Store and Google Play Store.
Always remember to double-check that the application you download is made by a trusted developer, is definitely the authentic version of the app you are looking for, and has reliable reviews. If in doubt, don’t download it.
Also, be wary of apps asking for more permissions than they actually need, or apps requesting permission to create new configuration profiles and certificates. Finally, when creating a memorable phrase to recover an account, do not keep it stored where it can be easily stolen.
Many of the best cloud storage services and best password managers offer encrypted storage vaults for storing important phrases.



