SparkKitty: A Malware Threat to Crypto Wallets
Introduction
SparkKitty is a dangerous new malware that targets mobile devices to compromise crypto wallets by searching through users’ image data to uncover and steal seed phrases.
In recent cases, the malware infected phones through compromised apps, using bait programs designed to lure crypto users. Thankfully, app store moderation has removed many of SparkKitty’s attack vectors.
How SparkKitty Targets Crypto Wallet Apps
Popular security firm Kaspersky identified this new malware today after months of observation across different mobile operating systems.
Earlier, in February, Kaspersky discovered SparkCat, a previous version of this malware. After the discovery, malicious developers repackaged the trojan in new apps.
According to Kaspersky’s full report, SparkKitty specifically targets crypto users, especially in China and Southeast Asia.
Hackers embedded SparkKitty into crypto-related apps, such as price trackers and messengers with crypto-buying functionality. One compromised messenger, SOEX, was downloaded over 10,000 times before removal.
SparkKitty’s operators branched out to include casino apps, adult sites, and fake TikTok clones. If a user downloaded a contaminated app, the malware wouldn’t automatically activate.
Instead, the app would function normally and ask for access to the user’s photos, continuing to appear legitimate even after gaining permission.
The malware would then repeatedly scan image data for signs of a crypto seed phrase, periodically rechecking the compromised device.
Kaspersky’s researchers believe SparkKitty is an upgraded version of SparkCat, sharing debug symbols and code structures. However, SparkKitty is more ambitious, capable of compromising various types of sensitive data while still focusing primarily on uncovering seed phrases.
Conclusion
The best safety measure for users is never to store seed phrases digitally, not even through photos. With the rise of scams and malware capable of compromising this key information, it is crucial to avoid giving sketchy apps access to your devices and to protect your seed phrase vigilantly.