A recently identified Trojan known as SparkKitty is targeting smartphones in China and Southeast Asia, potentially compromising cryptocurrency wallets. The malware, which is embedded in apps for crypto trading, gambling, and modified versions of TikTok, gains access through deceptive provisioning profiles. Once installed, it requests permission to access the phone’s photo gallery, creating a database of stolen images which are then uploaded to a remote server. Cybersecurity firm Kaspersky suggests the main objective of the attackers is to extract screenshots of cryptocurrency wallet seed phrases. While currently focused on specific regions, the threat could easily spread more widely. SparkKitty is linked to the earlier SparkCat spyware campaign, which also exploited SDKs to access user images. SparkKitty indiscriminately uploads pictures for later analysis, increasing the risk of credential theft as these seed phrases grant complete access to users’ crypto wallets. This malware trend highlights ongoing vulnerabilities in the crypto space, where thefts of private keys and seed phrases are prevalent.
