SparkKitty, a newly identified mobile malware, is targeting smartphone users through fake applications, stealing images from their photo galleries, including screenshots that contain cryptocurrency wallet recovery phrases or other sensitive details. It has been detected on both Android and iOS, and experts warn it poses a serious risk to the growing number of people managing digital assets on their phones.
Classified as a Trojan virus, this malware disguises itself as a genuine app but performs harmful actions in the background. Security researchers have discovered that SparkKitty embeds itself in various fake apps, including crypto converters, messaging apps, and unofficial versions of the social media app TikTok. Its primary purpose is to gain control of users’ cryptocurrency wallets. Many people store their wallet seed phrases as screenshots for convenience, unaware that unprotected images can be easily accessed by malware. Once these images are stolen, attackers use the information to recover the wallets and transfer out the funds without the user’s knowledge.
Though SparkKitty has been found targeting users mainly in Southeast Asia and China, cybersecurity experts are warning that it could spread worldwide due to its distribution methods. The malware is being circulated through official platforms, like the Play Store and App Store, as well as unofficial sources that offer pirated applications. Its use of misleading app names, convincing icons, and fake user reviews makes it difficult for average users to identify the threat.
SparkKitty appears to be the mobile version of an earlier malware, “SparkCat”, that targeted macOS and Windows systems a few years ago. Researchers at SecureList, a research wing of Kaspersky, found common characteristics between the two, suggesting a shift in the attackers’ tactics: they are now targeting smartphones as users increasingly rely on them to store and manage financial information.
What does SparkKitty do?
According to cybersecurity firm Kaspersky, which originally discovered the virus, once a fake app with SparkKitty embedded is installed, it requests access to the phone’s photo gallery. On Android, the malware scans all images using built-in tools to detect text within screenshots, especially those showing wallet recovery phrases or QR codes. On iPhones, the malware uses common coding libraries to bypass system restrictions and access stored photos and device information.
How to protect your phone from SparkKitty?
Security experts advise users not to store sensitive information like bank account details, passwords, and recovery information as screenshots; instead, they recommend writing it down and storing it securely offline.
Apps should be granted access to photos only when absolutely necessary, and users should regularly review their app permissions. Suspicious apps, even those downloaded from your phone’s official app store, should be removed, and devices should be kept updated with the latest security patches.
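On Android, the permission review recommended above can be partly automated. The following is an added example, not part of the original article or of Kaspersky's research: it parses text in the layout assumed for `adb shell dumpsys package` output (which can vary between Android versions) and lists packages that currently hold a granted photo-read permission. The sample dump and package names are constructed.

```python
import re

# Android permissions that allow an app to read images from the gallery.
GALLERY_PERMS = {
    "android.permission.READ_EXTERNAL_STORAGE",            # Android 12 and older
    "android.permission.READ_MEDIA_IMAGES",                # Android 13+
    "android.permission.READ_MEDIA_VISUAL_USER_SELECTED",  # Android 14+ partial access
}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)")

def gallery_readers(dumpsys_text):
    """Return {package: sorted granted gallery permissions} from a dumpsys dump."""
    findings, current = {}, None
    for line in dumpsys_text.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            current = pkg.group(1)  # later permission lines belong to this package
            continue
        perm = PERM_RE.match(line)
        if (perm and current and perm.group(2) == "true"
                and perm.group(1) in GALLERY_PERMS):
            findings.setdefault(current, set()).add(perm.group(1))
    return {name: sorted(perms) for name, perms in findings.items()}

# Constructed sample in the assumed layout; real input would come from
#   adb shell dumpsys package > dump.txt
SAMPLE = """\
Package [com.example.coinconverter] (1a2b3c):
  install permissions:
    android.permission.INTERNET: granted=true
  User 0: installed=true
    runtime permissions:
      android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]
Package [com.example.notes] (4d5e6f):
  User 0: installed=true
    runtime permissions:
      android.permission.READ_EXTERNAL_STORAGE: granted=false, flags=[ USER_SET ]
Package [com.example.chat] (7a8b9c):
  User 0: installed=true
    runtime permissions:
      android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ USER_SET ]
      android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
"""

if __name__ == "__main__":
    for name, perms in gallery_readers(SAMPLE).items():
        print(f"{name}: {', '.join(perms)}")
```

Any package in the result that has no clear need for photo access is a candidate for having the permission revoked or the app removed.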