24.06.2025 11:22
Cybersecurity experts at Kaspersky have discovered a sophisticated new malware, dubbed "SparkKitty," targeting cryptocurrency users. This insidious program, affecting both iOS and Android devices, stealthily scans users' photo galleries for crucial cryptocurrency wallet recovery phrases.
Operating covertly, SparkKitty infects smartphones and systematically searches through saved images, specifically identifying screenshots containing the 12- or 24-word seed phrases used to access crypto wallets. Upon detection, the malware extracts these sensitive credentials and transmits them to the attackers, enabling complete control over the victim's cryptocurrency holdings and resulting in potential financial losses.
The malicious software cleverly disguises itself as legitimate mobile applications, thereby avoiding immediate detection. Two notable examples include "币 coin," a cryptocurrency tracking app previously listed on the Apple App Store, and "SOEX," a messaging and trading app boasting over 100,000 downloads from Google Play. Following Kaspersky's notification, both applications have been removed from their respective app stores.
Researchers suspect that SparkKitty is connected to SparkCat, a similar malware discovered earlier this year, because of shared code and operational similarities. While its primary focus has been on China and Southeast Asia since at least early 2024, Kaspersky's analysis highlights SparkKitty's potential for global expansion, driven by the widespread practice of storing seed phrase screenshots. That habit underscores the urgent need for improved security practices.
Kaspersky strongly advises cryptocurrency users to refrain from storing sensitive recovery information within unencrypted photo albums. Furthermore, exercising caution when downloading mobile applications, particularly those from less reputable sources, is paramount to mitigating the risk of infection. Scrutinizing app permissions and reviews before installation can significantly reduce the likelihood of encountering malware such as SparkKitty.