A new mobile spyware, SparkKitty, has infiltrated both Apple's App Store and Google Play, targeting users who store their wallet details and seed phrases as photos. This malware, a successor to SparkCat, uses modified frameworks to exfiltrate sensitive data from mobile devices. SparkKitty spreads through seemingly legitimate crypto-themed apps and utilizes optical character recognition (OCR) to identify seed phrases and private keys within photos. Once detected, these images are uploaded to the attacker's servers. Victims are often tricked into trusting a developer certificate that grants system-level permissions to the malware. Despite the removal of affected apps from official stores, the threat persists via sideloaded and clone variants. This malware appears to predominantly target users in China and Southeast Asia, but its scope is global. Researchers urge users to exercise caution and avoid storing sensitive information in accessible formats on their devices.
