SparkKitty, a dangerous new malware, is targeting mobile devices to compromise crypto wallets. It searches through users’ image data to uncover and steal seed phrases.
In recent cases, the malware infected phones through compromised apps, with several bait programs catering to lure crypto users. Thankfully, app store moderation has removed many of SparkKitty’s attack vectors.
Popular security firm Kaspersky identified this new malware today after months of observation across different mobile operating systems.
Earlier in February, the firm discovered SparkCat, an earlier iteration of this malware. After the previous discovery, the malicious developers repackaged this trojan through new apps.
Our researchers uncovered #SparkKitty, a stealthy Trojan targeting both #iOS and #Android devices.It captures images and device data from infected phones and transmits them to the attackers. The Trojan was embedded in apps related to #crypto, gambling, and even a trojanized… pic.twitter.com/2CjjSwcpeo
— Kaspersky (@kaspersky) June 24, 2025
According to the company’s full report, this piece of malware is specifically focused on targeting crypto users, especially in China and Southeast Asia.
Hackers embedded SparkKitty into crypto-related apps, like price trackers and messengers with crypto-buying functionality. One such compromised messenger, SOEX, was downloaded over 10,000 times before removal.
SparkKitty’s operators also branched out to include casino apps, adult sites, and fake TikTok clones. Even if a user downloaded a contaminated app, the malware wouldn’t automatically start looking for crypto.
Instead, the app would ostensibly function normally, asking for access to users’ photos. It would continue appearing normal even after gaining this permission.
In other words, this malware would repeatedly scan image data for signs of a crypto seed phrase, double-checking the compromised device periodically.
Kaspersky’s researchers have several reasons to believe that SparkKitty is an upgraded SparkCat. For example, they share several debug symbols, code construction, and even a few compromised vector apps.
However, SparkKitty is more ambitious than SparkCat. The earlier malware would focus on penetrating crypto security, while the upgraded version can compromise many types of sensitive data.
🚨 SlowMist TI Alert 🚨A new malware named #SparkKitty that steals all photos from infected iOS & Android devices — searching for crypto wallet seed phrases.⚠️ Delivered via:🔸 "幣coin" (App Store)🔸 "SOEX" (Google Play, 10K+ installs, now removed)🔸 Casino apps, adult… pic.twitter.com/47WDc8l6tQ
— SlowMist (@SlowMist_Team) June 24, 2025
Nonetheless, SparkKitty’s main priority is still in uncovering seed phrases.
Overall, the best caution for users is never to store seed phrases digitally. Don’t even take a photo of it.
There’s no shortage of recent scams and malware that can compromise this password, thereby allowing attackers to steal all your crypto. It’s important not to give sketchy apps access to your devices, but it’s doubly vital to protect your seed phrase.
免責聲明:投資有風險,本文並非投資建議,以上內容不應被視為任何金融產品的購買或出售要約、建議或邀請,作者或其他用戶的任何相關討論、評論或帖子也不應被視為此類內容。本文僅供一般參考,不考慮您的個人投資目標、財務狀況或需求。TTM對信息的準確性和完整性不承擔任何責任或保證,投資者應自行研究並在投資前尋求專業建議。