- Malicious applications sneak into official app stores
- SparkKitty steals photos to break into your cryptocurrency wallet
- An infected application has been downloaded more than 10,000 times
A dangerous new strain of malware targeting smartphone users has managed to sneak onto both the Google Play Store and the Apple App Store without being detected, experts have warned.
SparkKitty was first spotted by Kaspersky cybersecurity experts in January 2025 and uses optical character recognition (OCR) to scan your photos and collect cryptocurrency recovery phrases.
Most cryptocurrency exchanges instruct users to write down a recovery phrase when creating an account, but many users simply take a screenshot of their recovery phrase, which makes the theft easy for SparkKitty.
Touch the photos and steal the crypto
Kaspersky says that the SparkKitty malware has been actively distributed on both the Google Play Store and the Apple App Store since February 2024, and has also been distributed through unofficial channels.
The infected applications have since been removed from both app stores.
In many cases, the applications appeared legitimate and were designed for a variety of purposes. One infected application, called Soex, was downloaded more than 10,000 times from the Google Play Store and appeared to be a messaging application with trading and cryptocurrency exchange features, a perfect disguise for malware designed to target cryptocurrency wallets.
Once installed on a user’s device, the application requests permission to access and modify the image library on iOS and Android devices. After obtaining access, the application scans the image library, and rescans it whenever it detects changes to the library, such as images being added or deleted.
Apart from the threat to cryptocurrency wallets, there is also the risk that users could be extorted using other images found in their image library, but there is no evidence so far that this is happening.
Hackers are constantly developing new tactics to hide their malware in applications that can be distributed via trusted platforms such as the Apple App Store and Google Play Store.
Remember to check that any application you download is made by a trusted developer, is definitely the authentic version of the application you are looking for, and has trustworthy reviews. If in doubt, do not download it.
Also beware of applications that request more permissions than they really need, or that ask for permission to create new configuration profiles and certificates. Finally, when creating a recovery phrase for an account, do not store it where it can easily be stolen.
Many of the best cloud storage services and the best password managers offer encrypted vaults for storing important phrases.
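To act on the permissions advice above on Android, the added example below (not part of the original article or of Kaspersky's research) lists which installed apps currently hold photo-library access and flags the ones the owner did not expect. It assumes input in the layout of `adb shell dumpsys package`; the sample text, package names and the `expected_apps` allowlist are constructed for illustration.

```python
import re

# Android permissions that expose the photo library (names from the Android SDK).
PHOTO_PERMS = {
    "android.permission.READ_MEDIA_IMAGES",      # Android 13+
    "android.permission.READ_EXTERNAL_STORAGE",  # Android 12 and earlier
    "android.permission.WRITE_EXTERNAL_STORAGE",
}
PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
GRANT_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=(true|false)")

def photo_access(dumpsys_text):
    """Map package name -> set of photo-library permissions currently granted."""
    granted, pkg = {}, None
    for line in dumpsys_text.splitlines():
        m = PKG_RE.match(line)
        if m:
            pkg = m.group(1)  # every grant line that follows belongs to this package
            continue
        m = GRANT_RE.match(line)
        if m and pkg and m.group(1) in PHOTO_PERMS and m.group(2) == "true":
            granted.setdefault(pkg, set()).add(m.group(1))
    return granted

def unexpected(granted, expected_apps):
    """Packages holding photo access that are not on the owner's allowlist."""
    return sorted(p for p in granted if p not in expected_apps)

# Constructed, simplified sample modelled on `adb shell dumpsys package` output.
SAMPLE = """\
Packages:
  Package [com.example.gallery] (1a2b3c):
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true
      runtime permissions:
        android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
  Package [com.example.chattrade] (4d5e6f):
    User 0: installed=true
      runtime permissions:
        android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
        android.permission.CAMERA: granted=true, flags=[ USER_SET ]
  Package [com.example.notes] (7a8b9c):
    User 0: installed=true
      runtime permissions:
        android.permission.READ_EXTERNAL_STORAGE: granted=false, flags=[ USER_SET ]
"""

if __name__ == "__main__":
    found = photo_access(SAMPLE)
    for pkg in unexpected(found, expected_apps={"com.example.gallery"}):
        print(pkg, sorted(found[pkg]))
```

Any app this flags can have its photo access revoked in the system permission settings, or be uninstalled if the access has no clear purpose.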