A new threat has appeared on Android and iOS. Dubbed SparkKitty, the malware was uncovered by Kaspersky researchers. According to experts, it is likely an evolution of SparkCat, a formidable virus that managed to infiltrate the App Store and Play Store last January.
A virus lurking on the App Store and Play Store
Active since at least February 2024, SparkKitty has also managed to penetrate the Apple and Google app stores. To achieve its goals, the malware hid in cryptocurrency-related applications. On the Play Store, an instant messaging app that also allows for the exchange of cryptocurrencies has even been downloaded and installed more than 10,000 times by Internet users. To spread the malware, hackers also used fake TikTok or gambling apps, offered on "phishing pages imitating the official iPhone App Store" or as booby-trapped APK files exchanged on third-party platforms.
Photo theft... and cryptocurrencies
Once installed on the smartphone, the infected apps "perform the functions promised in their description" to lull users into a false sense of security. They then download and install SparkKitty on the system. It doesn't take long for the malware to plunder "photos from the smartphone gallery". On iOS, the malware requests access to the photos. On Android, it requests permission to access storage to view the images.
Equipped with an OCR (Optical Character Recognition) module to analyze images stored on a device and extract text, the virus will search for images containing private keys linked to crypto wallets. The hackers will "try to find various confidential data in the stolen images, such as crypto wallet recovery phrases to access the victims' assets", researcher Dmitry Kalinin tells us.
For this reason, you should never take a screenshot of your recovery phrase or private keys. It's best to keep this vital information away from your smartphone.
There are indirect signs that attackers are interested in people's digital assets: many of the infected apps are directly related to cryptocurrencies, and the Trojanized TikTok app also has an in-app store that only accepts cryptocurrency payments, the researcher added.
Kaspersky contacted Google following its discovery. Asked by Bleeping Computer, Google states that "the reported app has been removed from Google Play and the developer has been banned", while "Android users are automatically protected from this app, regardless of the download source, by Google Play Protect, which is enabled by default on Android devices."
As always, we advise you to check the developer's name before installing an app. Remember to read reviews as well; they often reveal if the app is hiding something. Finally, avoid granting access to your photos to apps that don't necessarily need it to function.
Source: Kaspersky