2 min read
A fresh mobile malware dubbed SparkKitty has emerged as a dangerous spyware targeting both iPhones and Android phones. It works by siphoning off users’ private photos and screenshots.
Researchers at Kaspersky have warned that the malware has been active since early 2024 and has infiltrated even the official Apple App Store and Google Play through seemingly innocent apps. These apps, such as a crypto-themed “币coin” on iOS and the SOEX messaging app on Android, requested photo-gallery permissions and then quietly uploaded images to hackers’ servers.
Unlike its predecessor SparkCat, SparkKitty Spyware focuses not just on crypto-wallet seed phrases but scours entire photo libraries, including innocent snapshots, for sensitive content. It uses optical character recognition to pick out screenshots containing text, especially financial or identity-related, and sends them to attackers.
Experts say SparkKitty operates silently once permissions are granted. On iOS, it uses developer provisioning profiles to bypass App Store rules, while on Android it piggybacks on Java or Kotlin code within legitimate-looking apps. Once inside, it uploads existing images and any new ones in near real time.
Kaspersky also advises limiting screenshots of sensitive information like crypto seed phrases and relying on physical backups instead. Android users should enable Google Play Protect and antivirus software, while iPhone users may need third-party Mac-based tools to detect hidden malware.
