A sophisticated new Trojan, known as “SparkKitty,” has emerged as a significant threat to smartphone users, siphoning off sensitive data and potentially draining cryptocurrency wallets, according to a report by Kaspersky released on Tuesday.
SparkKitty infiltrates devices through seemingly innocuous applications related to cryptocurrency trading, gambling platforms, and modified social media apps like TikTok, allowing it to cast a wide net and ensnare unsuspecting users.
The malware uses deceptive provisioning profiles to install itself on a user’s device, then requests access to the device’s photo gallery, monitoring for changes and uploading stolen images to a remote server controlled by the attackers.
Kaspersky suspects the attackers’ main goal is to find screenshots of crypto wallet seed phrases, which would grant them full access to a victim’s digital assets. This hypothesis underscores the significant financial motivation driving the malware’s creation.
While SparkKitty currently targets users primarily in China and Southeast Asia, Kaspersky warns that there is nothing to stop it from spreading to other regions, raising concerns for smartphone users worldwide.
The financial stakes are substantial: TRM Labs estimates that nearly 70% of the $2.2 billion worth of cryptocurrency stolen in the previous year was attributable to infrastructure attacks, particularly those involving the theft of private keys and seed phrases.
Cybersecurity experts suggest a strong link between SparkKitty and a previously identified spyware campaign known as SparkCat, which used malicious Software Development Kits (SDKs) to gain unauthorized access to user photos. By comparison, SparkKitty adopts a more indiscriminate approach, uploading photos to be processed later.
SparkKitty has been detected in applications available on both Android and iOS app stores, often disguised as legitimate crypto-themed tools or modified versions of popular social media applications, broadening its potential victim pool.
The malware is part of a growing pantheon of crypto-targeting malware and Trojans that have gained traction among cybercriminals, including the information stealer Noodlophile, which has been embedded within artificial intelligence (AI) tools available for download online.
The global fight against such cyber threats saw a significant victory in May when an international law enforcement effort targeted key infrastructure associated with the distribution of another potent strain of malware known as LummaC2, implicated in 1.7 million attempted thefts.




