Cybersecurity giant Kaspersky has found a new virus called “SparkKitty.” It targets iPhone and Android users by looking through their photo albums to find crypto wallet recovery phrases.
SparkKitty looks for crypto wallet related pictures in your photo gallery and right now it’s mainly affecting people in China and Southeast Asia, but experts say it could soon spread to other parts of the world.
How does it work?
Kaspersky researchers say the SparkKitty virus infects smartphones and secretly checks all saved photos on the device. It tries to find screenshots of crypto wallet recovery phrases, which are usually 12 or 24 words that people save as a backup.
If it finds these secret phrases, the virus can steal them and send them to hackers, who can then take over the wallet and steal the money.
SparkKitty Hides Inside Fake Apps
The SparkKitty virus spreads by pretending to be real, trusted mobile apps. One of them was called “币 coin”, a cryptocurrency tracking app that was once available on the Apple App Store.
Another fake app was “SOEX”, which claimed to be a messaging and crypto trading platform. It had over 100,000 downloads on Google Play, making it seem popular and trustworthy.
By disguising itself as these kinds of apps, SparkKitty was able to infect users’ phones without raising suspicion. People downloaded the apps thinking they were safe, but they were actually installing malware. After discovering the threat, Kaspersky informed both Google and Apple. The two companies have now removed the fake apps from their stores.