By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Pew PatriotsPew PatriotsPew Patriots
Notification Show More
Font ResizerAa
  • Home
  • News
  • Tactical
  • Guns and Gear
  • Prepping & Survival
  • Videos
Reading: SparkKitty mobile malware targets Android and iPhone
Share
Font ResizerAa
Pew PatriotsPew Patriots
  • News
  • Tactical
  • Guns and Gear
  • Prepping & Survival
  • Videos
Search
  • Home
  • News
  • Tactical
  • Guns and Gear
  • Prepping & Survival
  • Videos
Have an existing account? Sign In
Follow US
SparkKitty mobile malware targets Android and iPhone
News

SparkKitty mobile malware targets Android and iPhone

Jimmie Dempsey
Last updated: July 1, 2025 2:36 pm
Jimmie Dempsey Published July 1, 2025
Share
SHARE

NEWYou can now listen to Fox News articles!

Bad actors constantly seek every bit of personal information they can get, from your phone number to your government ID. Now, a new threat targets both Android and iPhone users: SparkKitty, a powerful mobile malware strain that scans private photos to steal cryptocurrency recovery phrases and other sensitive data.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER.

What is SparkKitty mobile malware

Researchers at cybersecurity firm Kaspersky recently identified SparkKitty. This malware appears to succeed SparkCat, a campaign first reported earlier this year that used optical character recognition (OCR) to extract sensitive data from images, including crypto recovery phrases.

SparkKitty goes even further than SparkCat. According to Kaspersky, SparkKitty uploads images from infected phones without discrimination. This tactic exposes not just wallet data but also any personal or sensitive photos stored on the device. While the main target seems to be crypto seed phrases, criminals could use other images for extortion or malicious purposes.

Kaspersky researchers report that SparkKitty has operated since at least February 2024. Attackers distributed it through both official and unofficial channels, including Google Play and the Apple App Store.

SparkKitty uploads images from infected phones without discrimination.

How SparkKitty malware infects Android and iPhone devices

Kaspersky found SparkKitty embedded in several apps, including one called 币coin on iOS and another called SOEX on Android. Both apps are no longer available in their respective stores. SOEX, a messaging app with cryptocurrency-related features, reached more than 10,000 downloads from the Google Play Store before its removal.

On iOS, attackers deliver the malware through fake software frameworks or enterprise provisioning profiles, often disguised as legitimate components. Once installed, SparkKitty uses a method native to Apple’s Objective-C programming language to run as soon as the app launches. It checks the app’s internal configuration files to decide whether to execute, then quietly starts monitoring the user’s photo library.

On Android, SparkKitty hides in apps written in Java or Kotlin and sometimes uses malicious Xposed or LSPosed modules. It activates when the app launches or after a specific screen opens. The malware then decrypts a configuration file from a remote server and begins uploading images, device metadata, and identifiers.

On iOS, attackers deliver the malware through fake software frameworks or enterprise provisioning profiles.

Why SparkKitty is more dangerous than previous malware

Unlike traditional spyware, SparkKitty focuses on photos, especially those containing cryptocurrency recovery phrases, wallet screenshots, IDs, or sensitive documents. Instead of just monitoring activity, SparkKitty uploads images in bulk. This approach makes it easy for criminals to sift through and extract valuable personal data. 

4 ways to protect your phone from SparkKitty mobile malware

1) Stick to trusted developers: Avoid downloading obscure apps, especially if they have few reviews or downloads. Always check the developer’s name and history before installing anything.

2) Review app permissions: Be cautious of apps that request access to your photos, messages, or files without a clear reason. If something feels off, deny the permission or uninstall the app.

3) Keep your device updated: Install system and security updates as soon as they are available. These updates often patch vulnerabilities that malware can exploit.

4) Use mobile security software: The best way to safeguard yourself from malicious software is to have strong antivirus software installed on all your devices. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices by visiting CyberGuy.com/LockUpYourTech.

Kurt’s key takeaway

Both Apple and Google removed the identified apps after being alerted, but questions remain about how SparkKitty bypassed their app review processes in the first place. As app stores grow, both in volume and complexity, the tools used to screen them will need to evolve at the same pace. Otherwise, incidents like this one will continue to slip through the cracks.

Do you think Google and Apple are doing enough to protect users from mobile malware and evolving security threats? Let us know by writing to us at Cyberguy.com/Contact.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER.

Copyright 2025 CyberGuy.com. All rights reserved.

Read the full article here

You Might Also Like

Democratic donors reluctant to give to Biden’s presidential library: report

Riley Gaines fires back at Simone Biles after social media dispute over transgender athletes

UCLA quarterback Joey Aguilar transfers to Tennessee after Nico Iamaleava’s move from Vols to Bruins: report

Julie Chrisley is ‘doing well,’ focusing on family after returning home from prison

Shilo Sanders impressing Buccaneers during rookie minicamp: ‘He’s very intelligent’

Share This Article
Facebook Twitter Email Print
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

We Recommend
EXCLUSIVE: Democrats risk flood insurance lapse in their shutdown fight, home builders and White House warn
News

EXCLUSIVE: Democrats risk flood insurance lapse in their shutdown fight, home builders and White House warn

Jimmie Dempsey Jimmie Dempsey September 28, 2025
FBI’s Patel clarifies role of hundreds of agents on Jan 6, says Wray lied to Congress
Israeli cycling team excluded from Italy event amid concerns of pro-Palestinian protests
George Hardy, decorated Tuskegee Airman who served in 3 wars, dies at 100
Bondi declares ‘new era of political violence’ as federal agents deploy to ICE facilities nationwide
House Republican says teen son’s school promotes ‘non-monosexual identities’ in AM announcements, urges action
Robert Barnett, influential DC lawyer to politicians and journalists, dies at 79
News

Robert Barnett, influential DC lawyer to politicians and journalists, dies at 79

Jimmie Dempsey Jimmie Dempsey September 27, 2025
Hungarian official touts ‘golden age’ of US relationship, credits Trump with boosting NATO and investment
News

Hungarian official touts ‘golden age’ of US relationship, credits Trump with boosting NATO and investment

Jimmie Dempsey Jimmie Dempsey September 27, 2025
Russia Says A “False Flag” Provocation By Kiev Could Result In WW3
Prepping & Survival

Russia Says A “False Flag” Provocation By Kiev Could Result In WW3

Jimmie Dempsey Jimmie Dempsey September 27, 2025
Pew Patriots
  • News
  • Tactical
  • Prepping & Survival
  • Videos
  • Guns and Gear
2024 © Pew Patriots. All Rights Reserved.
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?