Bitget App
Trade smarter
Open
HomepageSign up
Bitget>
News>
SparkKitty malware steals crypto seed phrase screenshots

SparkKitty malware steals crypto seed phrase screenshots

Grafa2025/06/24 20:30
By: Heidi Cuthbert

Cybersecurity firm Kaspersky has identified SparkKitty, a malware targeting iOS and Android devices by stealing photos to capture cryptocurrency wallet seed phrases.

According to Kaspersky analysts Sergey Puzan and Dmitry Kalinin, SparkKitty infiltrates apps on the Apple App Store and Google Play, indiscriminately extracting all images from infected devices’ galleries.

The malware’s primary goal appears to be locating screenshots containing crypto wallet recovery phrases, though other sensitive images may also be compromised.

Two malicious apps distributing SparkKitty were found: 币coin, a crypto information tracker on the App Store, and SOEX, a messaging app with crypto exchange features on Google Play.

SOEX was installed over 10,000 times before Google removed it and banned its developer.

A Google spokesperson confirmed that Android users are protected by Google Play Protect against this app regardless of download source.

Kaspersky also discovered SparkKitty delivered via casino apps, adult-themed games, and fake TikTok clones.

SparkKitty is closely related to SparkCat, a malware identified in January that similarly scans photos for crypto wallet recovery phrases.

Both share features and file paths, suggesting a common origin.

“While not technically or conceptually complex, this campaign has been ongoing since at least the beginning of 2024 and poses a significant threat to users,” Puzan and Kalinin noted.

Unlike SparkCat, SparkKitty steals all photos rather than selectively targeting images.

The campaign mainly targets users in Southeast Asia and China, based on infected apps including Chinese gambling games and adult content.

“Judging by the distribution sources, this spyware primarily targets users in Southeast Asia and China,” the analysts said.

However, they added the malware has no technical restrictions preventing attacks on users in other regions.

Users are advised to exercise caution when downloading apps and to rely on security features like Google Play Protect to reduce infection risk.

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
PoolX: Earn new token airdrops
Lock your assets and earn 10%+ APR
Lock now!

You may also like

Bitcoin’s Next Move Could Set the Tone for Q4

All eyes are on Bitcoin as its next move may shape market direction heading into year-end.All Eyes on Bitcoin’s Next MoveTechnical and Macro Factors AlignVolatility Incoming: Be Prepared

Coinomedia2025/10/18 05:54

Trending news

More
1
Vitalik: I hope more researchers working on ZK and FHE can use overhead ratio to express performance instead of operations per second.
2
Ethena’s ENA Price Stabilizes Near $0.43 as Market Eyes $1.30 Target

Crypto prices

More
Bitcoin
Bitcoin
BTC
$107,358.66
+0.96%
Ethereum
Ethereum
ETH
$3,911.96
+3.37%
Tether USDt
Tether USDt
USDT
$1
+0.02%
BNB
BNB
BNB
$1,122.64
+3.61%
XRP
XRP
XRP
$2.37
+4.20%
Solana
Solana
SOL
$188
+4.88%
USDC
USDC
USDC
$1.0000
-0.01%
TRON
TRON
TRX
$0.3126
+0.71%
Dogecoin
Dogecoin
DOGE
$0.1891
+4.32%
Cardano
Cardano
ADA
$0.6377
+3.46%
How to sell PI
Bitget lists PI – Buy or sell PI quickly on Bitget!
Trade now
Become a trader now?A welcome pack worth 6200 USDT for new users!
Sign up now
Trade smarter