Mobile Trojan Steals Images Likely Containing Cryptocurrency Seed Phrases
A newly discovered mobile Trojan program, nicknamed “SparkKitty,” is stealing images from infected smartphones, an action likely aimed at extracting sensitive cryptocurrency seed phrases, according to cybersecurity firm Kaspersky.
Kaspersky issued the alert in a Tuesday report, noting that the malware is distributed through apps that appear to be related to crypto trading or gambling, or through modified versions of popular apps like TikTok.
Upon installation, usually through deceptive methods, SparkKitty requests photo gallery access and monitors the content, building a local database of stolen images. It then uploads photos to external servers.
“We suspect the attackers’ main goal is to find screenshots of crypto wallet seed phrases,” Kaspersky stated. A stolen seed phrase grants attackers full control over a user’s cryptocurrency.
The initial targeting appears focused on victims in China and Southeast Asia, though Kaspersky noted the malware has the potential to spread elsewhere.
- **Distribution Method:** Apps obtained from the App Store, Google Play, and third-party sources, often mimicking crypto tools or content platforms.
- **Suspected Link:** Kaspersky believes SparkKitty is connected to the prior SparkCat spyware campaign, first identified in January.
- **Technical Behavior:** Once installed, it requests gallery access, monitors photo changes, creates a local database, and uploads images remotely.
This threat joins a concerning trend of cryptocurrency-specific malware that has proliferated among cybercriminals in recent years, with many aiming to steal sensitive crypto wallet data.