Beware of SparkKitty! The new spyware that steals your crypto credentials
A new and dangerous mobile spyware, dubbed SparkKitty, is wreaking havoc, infiltrating the official app stores of Apple and Google. This malware disguises itself as apps related to cryptocurrencies or modified versions of other applications to steal images of your seed phrases and wallet credentials if you have them stored as photos on your phone.
SparkKitty is an evolution of another malware, SparkCat, and its main novelty is that it has managed to sneak into the official app stores. It uses modified frameworks and libraries on both iOS and Android to scan your photo gallery. If it detects images with seed phrases or private keys (thanks to Google ML Kit's OCR), it marks them and sends them to the attackers' servers.
Although Apple and Google have already removed the identified applications, Kaspersky researchers warn that the campaign could remain active through downloads from unofficial sources or cloned app stores. While it has focused on users in China and Southeast Asia, its reach could be global.
🔺 What does this mean for you?
Never store your seed phrases, private keys, or any credential for your crypto wallet as a photo on your phone. It is an extremely insecure practice and this type of malware is specifically designed to exploit it. Use more secure methods to store this information, such as secure password managers or cold storage.
