SparkKitty mobile malware targets Android and iPhone

Cybersecurity threats continue to evolve, with bad actors constantly finding new ways to steal personal information from unsuspecting users. The latest threat to target both Android and iPhone users is SparkKitty, a powerful mobile malware strain that scans private photos to steal sensitive data, including cryptocurrency recovery phrases.

Researchers at cybersecurity firm Kaspersky recently identified SparkKitty as a successor to SparkCat, a campaign that used optical character recognition (OCR) to extract sensitive data from images. SparkKitty takes this a step further by uploading images from infected phones without discrimination, exposing not only wallet data but also personal or sensitive photos stored on the device. While the main target appears to be crypto seed phrases, criminals could potentially use other images for extortion or malicious purposes.

SparkKitty has been operating since at least February 2024 and has been distributed through both official and unofficial channels, including Google Play and the Apple App Store. The malware is embedded in apps such as 币coin on iOS and SOEX on Android, which have since been removed from their respective stores.

On iOS, attackers deliver the malware through fake software frameworks or enterprise provisioning profiles, while on Android, SparkKitty hides in apps written in Java or Kotlin. The malware activates when the app launches and begins uploading images, device metadata, and identifiers to a remote server.

Unlike traditional spyware, SparkKitty focuses on photos, particularly those containing sensitive information like cryptocurrency recovery phrases and IDs. Once the images have been uploaded, criminals can extract valuable personal data from them.

To protect your phone from SparkKitty and other mobile malware, follow these tips:

1) Stick to trusted developers and avoid downloading obscure apps.
2) Review app permissions and be cautious of apps that request access to sensitive information.
3) Keep your device updated with the latest security patches.
4) Use mobile security software to safeguard against malicious software.
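
For tip 2 on Android, the permission review can be scripted. The following is an added example, not code from the article or from Kaspersky: it parses text in the layout printed by `adb shell dumpsys package` and lists apps that hold both a photo-read permission and network access, the combination SparkKitty needs to upload a gallery. The package names, the sample text and the allowlist are constructed for illustration.

```python
import re

# Android permissions that allow reading the photo gallery.
PHOTO_PERMS = {"android.permission.READ_EXTERNAL_STORAGE",
               "android.permission.READ_MEDIA_IMAGES"}
INTERNET = "android.permission.INTERNET"
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=true")

def granted_permissions(dumpsys_text):
    """Map each package name to the set of permissions shown as granted=true."""
    grants, current = {}, None
    for line in dumpsys_text.splitlines():
        pkg, perm = PKG_RE.match(line), PERM_RE.match(line)
        if pkg:
            current = pkg.group(1)
            grants.setdefault(current, set())
        elif perm and current:
            grants[current].add(perm.group(1))
    return grants

def photo_readers(dumpsys_text, allowlist=()):
    """Packages that can read photos and reach the network, minus an allowlist."""
    flagged = {}
    for pkg, perms in granted_permissions(dumpsys_text).items():
        photo = perms & PHOTO_PERMS
        if photo and INTERNET in perms and pkg not in allowlist:
            flagged[pkg] = sorted(photo)
    return flagged

# Constructed sample in the layout of `adb shell dumpsys package`; names are made up.
SAMPLE = """\
Package [com.example.gallery] (1a2b3c):
  install permissions:
    android.permission.INTERNET: granted=true
  runtime permissions:
    android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
Package [com.example.coinexchange] (4d5e6f):
  install permissions:
    android.permission.INTERNET: granted=true
  runtime permissions:
    android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ USER_SET ]
Package [com.example.notes] (7a8b9c):
  runtime permissions:
    android.permission.READ_MEDIA_IMAGES: granted=false, flags=[ USER_SET ]
"""

if __name__ == "__main__":
    for name, perms in photo_readers(SAMPLE, allowlist={"com.example.gallery"}).items():
        print(name, perms)
```

A flagged app is not necessarily malicious; the list only narrows down which apps are worth a closer look or a revoked permission.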

Both Apple and Google have removed the identified apps containing SparkKitty, but questions remain about how the malware bypassed their app review processes. As the app stores continue to grow, their screening tools must keep pace with evolving security threats.

Do you think Google and Apple are doing enough to protect users from mobile malware and evolving security threats? Let us know your thoughts by visiting CyberGuy.com/Contact.

Copyright 2025 CyberGuy.com. All rights reserved. Kurt “CyberGuy” Knutsson is an award-winning tech journalist who shares his love of technology and gadgets on Fox News & FOX Business. For tech questions, story ideas, or comments, visit CyberGuy.com.
