New iPhone and Android Malware Can Silently Steal Your Cryptocurrency

SparkKitty, a dangerous new malware, is targeting mobile devices to break into cryptocurrency wallets. It searches through users' image data to detect and steal recovery phrases.

In recent cases, this malware has infected phones through compromised applications, with many lure programs aimed at attracting cryptocurrency users. Fortunately, app store moderation has eliminated many of SparkKitty's attack channels.

How SparkKitty Targets Cryptocurrency Wallet Applications

The well-known security company Kaspersky identified this new malware today after months of observation across different mobile operating systems.

Earlier, in February, the company discovered SparkCat, an earlier version of this malware. After that detection, the malware's developers repackaged the trojan in new applications.

According to the company's full report, this malware specifically focuses on targeting cryptocurrency users, especially in China and Southeast Asia.

Hackers embedded SparkKitty into cryptocurrency-related applications, such as price tracking and messaging apps with cryptocurrency purchasing functions. A compromised messaging app, SOEX, was downloaded more than 10,000 times before being removed.

SparkKitty operators also expanded to include casino apps, adult websites, and fake TikTok copies. Even when users download an infected app, the malware does not automatically start searching for cryptocurrencies.

Instead, the app will function normally, requesting access to user photos. It will continue to appear normal even after obtaining this permission.

Meanwhile, the malware continuously scans image data for signs of cryptocurrency recovery phrases, periodically checking the infected device.

Kaspersky researchers have many reasons to believe SparkKitty is an upgraded version of SparkCat. For example, they share many debug signatures, code structures, and even a few compromised application vectors.

However, SparkKitty is more ambitious than SparkCat. The earlier malware focused on compromising cryptocurrency security, while the upgraded version can also target many other types of sensitive data.

Nevertheless, SparkKitty's primary priority remains searching for recovery phrases.

Overall, the best precaution for users is to never store recovery phrases digitally. Do not take pictures of them.

There is no shortage of recent scams and malware that can obtain this phrase, allowing attackers to steal all of your cryptocurrency. It is important not to give suspicious apps access to your device, but even more crucial to protect your recovery phrase.
