A new kind of mobile malware, dubbed SparkKitty, is targeting smartphones through fake apps that steal images, such as screenshots, from your photo gallery. These screenshots may well contain cryptocurrency wallet recovery phrases or other sensitive information. The Trojan has been discovered on both Android and iOS, which is a legitimate concern given the increasing number of people who manage their digital assets on their phones.
SparkKitty is classified as a Trojan: malware that poses as a legitimate application while doing harmful things in the background. According to security researchers, it comes embedded in various fake apps, including crypto converters, messaging apps and unauthorized versions of the social media app TikTok. Some of those apps even made it onto official app stores before being removed.
SparkKitty seems to be a mobile refinement of an older malware family named SparkCat, which targeted macOS and Windows platforms some years ago. Researchers at SecureList, a research unit of Kaspersky, found significant parallels between the two, an indication that the attackers' focus is shifting to mobile phones, devices that users rely on more and more to store and manage financial information.
What does SparkKitty do?
After a user has downloaded a fake app containing SparkKitty, it requests access to the phone's photo gallery. On Android, it goes through the images using native tools that detect text inside a screenshot or image, looking in particular for wallet recovery phrases or QR codes. On iPhones, it doesn't require the phone to be jailbroken to access stored photos and device information and instead abuses common coding libraries that interact with the file-sharing service.
SparkKitty's main objective is to gain control of the user's cryptocurrency wallet. Many people save wallet seeds (phrases that store all the words necessary to recover bitcoin funds) as screenshots for convenience, without realising that these are unprotected and can easily be grabbed by malware. Once attackers have these images, they can recover the wallets and drain the funds without the user even realising.
The malware has mostly been found targeting users in Southeast Asia and China, but cybersecurity experts warn that its delivery methods suggest it could spread around the world. SparkKitty has been distributed on official platforms such as the Play Store and App Store as well as on unofficial channels that host pirated apps. The attackers use deceptive app names, icons that look like popular apps, and false claims of user reviews to make users think they're getting a quick, easy payday loan app.
How to protect your phone from malware
To stay safe from SparkKitty and similar threats, users are advised not to screenshot any sensitive information such as bank account numbers, passwords or recovery information. Instead, security experts suggest writing it down and keeping it offline in a safe place.
Apps should be given photo access only when they need it, and users should review app permissions. Remove suspicious apps, even those downloaded from your phone's official app store, and keep devices up to date with the latest security updates.

