- Malware-filled applications were sneaked into official app stores
- SparkKitty steals photos to break into your crypto wallet
- An infected application was downloaded more than 10,000 times
A dangerous new malware strain aimed at smartphone users has managed to sneak into both the Google Play Store and the Apple App Store without being detected, experts have warned.
SparkKitty was first seen by cybersecurity experts at Kaspersky in January 2025, and uses optical character recognition (OCR) to scan users' photos and harvest cryptocurrency wallet recovery phrases.
Most cryptocurrency exchanges will tell a user to write down a memorable phrase when creating an account for recovery purposes, but many users simply capture their memorable phrase in a screenshot, which makes it very easy for SparkKitty to steal.
Stealing photos and crypto
Kaspersky says that the SparkKitty malware has been actively distributed on the Google Play Store and Apple App Store since February 2024, and has also been distributed through unofficial channels.
The infected applications have since been removed from both app stores.
In many cases, the applications appeared legitimate and were designed for a variety of purposes. An infected application called SoEx was downloaded more than 10,000 times on the Google Play Store, and appeared to be a messaging application with cryptocurrency exchange and trading features, the perfect disguise for malware designed to target cryptocurrency wallets.
Once installed on a user's device, the application requests permission to access and modify the image library on iOS and Android devices. After receiving access, the application scans the image library, and scans it again whenever it detects changes to the library, such as images being added or removed.
Obviously, beyond the threat to crypto wallets, there is the threat that users could be extorted using other images found in their image library, but there is no evidence so far that this is happening.
Hackers are constantly developing new tactics to hide their malware in applications that can be distributed through trusted platforms such as the Apple App Store and Google Play Store.
Always remember to verify that the application you are downloading is made by a trusted developer, is definitely the authentic version of the application you are looking for, and has reliable reviews. If in doubt, do not download it.
Also be wary of applications that request more permissions than they really need, or applications that request permission to create new configuration profiles and certificates. Finally, when creating a memorable phrase to recover an account, do not keep it stored where it can easily be stolen.
Many of the best cloud storage services and the best password managers offer encrypted storage vaults to store important phrases.