BlockBeats News, June 24th: Cybersecurity company Kaspersky announced that malware known as SparkKitty has been active since at least early 2024 and is potentially related to similar malware called SparkCat. The cybersecurity firm stated in a report this Monday that SparkKitty is specifically designed to steal photos from infected devices, with the aim of finding screenshots of cryptocurrency wallet seed phrases.
Kaspersky analysts Sergey Puzan and Dmitry Kalinin explained that the malware targets both iOS and Android platforms, spreading through certain applications on the Apple App Store and Google Play Store. Once a device is infected, the malware indiscriminately steals all images from the photo gallery. "While we suspect the attacker's main goal is screenshots of cryptocurrency wallet seed phrases, the stolen images may also contain other sensitive data."
Kaspersky identified two apps used to distribute this malware, both related to cryptocurrency. One app, named "Coin," disguised itself as a cryptocurrency price tracker and was previously available on the App Store. The other app, called SOEX, is a communication app with "cryptocurrency trading functionality" and has been downloaded over 10,000 times on Google Play.
"The app was downloaded over ten thousand times on Google Play. We have notified Google, and the app has now been removed from the store," Puzan and Kalinin stated. A Google spokesperson later confirmed that the app had been taken down, and the developer account had been banned.
According to Kaspersky's findings, the primary targets of this malware are users in Southeast Asia and China, as the infected apps are mostly Chinese-language gambling games, TikTok clones, and adult games. "From the sources of distribution, this spyware primarily targets users in Southeast Asia and China," the analysts noted. "However, there is no geographical limitation in its technology, and it could also target users in other regions."