- Malware-ridden apps are sneaking on to official app stores
- SparkKitty will steal photos to crack into your crypto wallet
- One infected app was downloaded over 10,000 times
A dangerous new malware strain targeting smartphone users has managed to sneak on to both the Google Play Store and the Apple App Store without being detected, experts have warned.
SparkKitty was first spotted by cybersecurity experts at Kaspersky in January 2025, and uses optical character recognition to scan through your photos and harvest cryptocurrency wallet recovery phrases.
Most crypto currency exchanges will tell a user to write down a memorable phrase when creating an account for recovery purposes, but many users will simply screenshot their memorable phrase – making it super easy for SparkKitty to steal.
Snooping through photos and stealing crypto
Kaspersky says the SparkKitty malware has been actively distributed across both the Google Play Store and Apple App Store since February 2024, and has also been distributed through unofficial means as well.
The infected apps have since been removed from both app stores.
In many cases, the apps appeared to be legitimate and were designed for numerous purposes. One infected app called SOEX was downloaded over 10,000 times on the Google Play Store, and appeared to be a messaging app with cryptocurrency trading and exchange features – the perfect disguise for a malware designed to target cryptocurrency wallets.
Once installed on a user’s device, the app will ask for permission to access and modify the image library on both iOS and Android devices. After being granted access, the app then scans the image library and will re-scan if it detects modifications being made to the image library, such as new images being added or deleted.
Obviously, outside of the threat to crypto wallets there is the threat of users being extorted using other images that could be found in their image library, but there is no evidence of this happening so far.
Hackers are constantly developing new tactics to hide their malware on applications that can be distributed through trusted platforms such as the Apple App Store and Google Play Store.
Always remember to double check that the application you are downloading is made by a trusted developer, is definitely the authentic version of the app you are looking for, and has trustworthy reviews. If in doubt, don’t download it.
Also be wary of apps that ask for more permissions than they actually need, or apps that request permission to create new configuration profiles and certificates. Finally, when creating a memorable phrase for recovering an account, don’t keep it stored where it can be easily stolen.
Many of the best cloud storage services and best password managers offer encrypted storage vaults for storing important phrases.
You might also like
- Get rid of that pesky virus with the best endpoint protection tools
- The best antivirus software can keep your devices malware free
- Screen reading malware found in iOS app stores for first time – and it might steal your cryptocurrency