SparkKitty, a dangerous new malware, is targeting mobile devices to compromise crypto wallets. It searches through users’ image data to uncover and steal seed phrases.
In recent cases, the malware infected phones through compromised apps, with several bait programs catering to lure crypto users. Thankfully, app store moderation has removed many of SparkKitty’s attack vectors.
Popular security firm Kaspersky identified this new malware today after months of observation across different mobile operating systems.
Earlier in February, the firm discovered SparkCat, an earlier iteration of this malware. After the previous discovery, the malicious developers repackaged this trojan through new apps.
Our researchers uncovered #SparkKitty, a stealthy Trojan targeting both #iOS and #Android devices.It captures images and device data from infected phones and transmits them to the attackers. The Trojan was embedded in apps related to #crypto, gambling, and even a trojanized… pic.twitter.com/2CjjSwcpeo
— Kaspersky (@kaspersky) June 24, 2025
According to the company’s full report, this piece of malware is specifically focused on targeting crypto users, especially in China and Southeast Asia.
Hackers embedded SparkKitty into crypto-related apps, like price trackers and messengers with crypto-buying functionality. One such compromised messenger, SOEX, was downloaded over 10,000 times before removal.
SparkKitty’s operators also branched out to include casino apps, adult sites, and fake TikTok clones. Even if a user downloaded a contaminated app, the malware wouldn’t automatically start looking for crypto.
Instead, the app would ostensibly function normally, asking for access to users’ photos. It would continue appearing normal even after gaining this permission.
In other words, this malware would repeatedly scan image data for signs of a crypto seed phrase, double-checking the compromised device periodically.
Kaspersky’s researchers have several reasons to believe that SparkKitty is an upgraded SparkCat. For example, they share several debug symbols, code construction, and even a few compromised vector apps.
However, SparkKitty is more ambitious than SparkCat. The earlier malware would focus on penetrating crypto security, while the upgraded version can compromise many types of sensitive data.
🚨 SlowMist TI Alert 🚨A new malware named #SparkKitty that steals all photos from infected iOS & Android devices — searching for crypto wallet seed phrases.⚠️ Delivered via:🔸 "币coin" (App Store)🔸 "SOEX" (Google Play, 10K+ installs, now removed)🔸 Casino apps, adult… pic.twitter.com/47WDc8l6tQ
— SlowMist (@SlowMist_Team) June 24, 2025
Nonetheless, SparkKitty’s main priority is still in uncovering seed phrases.
Overall, the best caution for users is never to store seed phrases digitally. Don’t even take a photo of it.
There’s no shortage of recent scams and malware that can compromise this password, thereby allowing attackers to steal all your crypto. It’s important not to give sketchy apps access to your devices, but it’s doubly vital to protect your seed phrase.
免责声明:投资有风险,本文并非投资建议,以上内容不应被视为任何金融产品的购买或出售要约、建议或邀请,作者或其他用户的任何相关讨论、评论或帖子也不应被视为此类内容。本文仅供一般参考,不考虑您的个人投资目标、财务状况或需求。TTM对信息的准确性和完整性不承担任何责任或保证,投资者应自行研究并在投资前寻求专业建议。