SparkKitty steals gallery images, seeking crypto seed‑phrase screenshots.
Distributed via disguised crypto apps on App Store & Google Play.
Users in Southeast Asia/China targeted; global expansion possible.
Discovered by Kaspersky in June 2025, SparkKitty is a photo-stealing malware that targets iOS and Android users. It spreads through crypto-themed apps that seem legitimate but are designed to access the user’s photo gallery. Once installed, SparkKitty scans images—especially screenshots of wallet seed phrases—and sends them to a remote server controlled by attackers.
Unlike earlier malware like SparkCat, which uses OCR to analyze images before stealing, SparkKitty grabs all photos indiscriminately, likely aiming to exploit the common practice of saving seed phrases as screenshots.
How It Spreads
Infected Apps
On iOS, an app named “币 coin” passed Apple’s review process and appeared in the App Store. On Android, the malware was embedded in an app called SOEX, disguised as a messaging app with crypto exchange features. SOEX was downloaded over 10,000 times before removal.
Phishing Websites
Cybercriminals also distribute SparkKitty via third-party sites, offering fake TikTok mods and entertainment apps. iOS users are tricked into installing developer profiles to bypass App Store protections.
Who’s Affected and What to Do
Target Regions
Most victims so far are in Southeast Asia and China, but SparkKitty’s code doesn’t limit its reach—meaning anyone worldwide could be at risk.
Protection Tips
Avoid apps that request photo access without reason.
Never store seed phrases as screenshots.
Delete any crypto-related screenshots immediately.
Stick to apps from verified developers.
On iOS, remove unknown device profiles via Settings → General → Device Management.
Consider using a trusted antivirus tool to detect malicious activity.
ALERT: New malware SparkKitty steals seed phrase screenshots from infected phones via crypto-themed apps on iOS and Android, warns Kaspersky. pic.twitter.com/oJ0rRYrvpV
— Cointelegraph (@Cointelegraph) June 24, 2025
Why It Matters
Seed phrases give full access to crypto wallets. With SparkKitty harvesting them from galleries, crypto investors are facing a real and growing risk. The malware’s infiltration of official app stores underlines the need for constant vigilance—even with apps that seem safe.
Read Also :
SparkKitty Malware: Crypto Seed Phrase Thief
Fidelity Adds $166M in Bitcoin and Ethereum
Crypto Firms Warned: DTSP License Rules in Singapore
VinanzBTC Boosts Bitcoin Holdings with New Purchase
Most Popular Crypto in 2025: Why BlockDAG, Cosmos, Cronos, & Render Are Heating Up This Month!
The post SparkKitty Malware: Crypto Seed Phrase Thief appeared first on CoinoMedia.
