Newsinterpretation

🔒 Kaspersky Uncovers SparkKitty — The Most Sophisticated Mobile Crypto Thief Yet

A new and dangerous malware called SparkKitty has been found by Kaspersky, a well-known cybersecurity company. This malware is targeting Android and iOS smartphones, and it can steal photos and private device data.

Dangerous Malware Hidden Inside Popular Apps

SparkKitty hides inside apps that look normal. These apps are related to cryptocurrency trading, gambling, and even a fake TikTok app.

What makes this malware scary is that it sends photos and personal details from infected phones to the hackers. These photos may include screenshots or images of cryptocurrency wallet recovery phrases or passwords. That means hackers can later steal money or crypto coins from your account without you knowing.

SparkKitty has been spread in multiple ways. It has appeared on the Google Play Store, on fake websites, and even through fake iPhone app store pages. The malware tricks users by pretending to be real apps. For example, one of the fake apps was called ‘币coin’, which looks like a normal crypto app.

Link to Earlier iOS Malware and Use of Sneaky Tricks

Experts believe that SparkKitty is linked to another malware called SparkCat. SparkCat was one of the first viruses to be found on Apple’s App Store. It used a special feature called OCR (Optical Character Recognition) to read text inside images stored on phones. This allowed it to scan for sensitive information like recovery phrases and passwords for crypto wallets.

SparkKitty has taken this to the next level. It doesn’t just read data — it steals photos from the gallery and sends them to attackers. These images can be later checked by hackers to find any useful or secret information.

The malware was also found in a fake version of TikTok. This fake app had links inside user profiles that led to online stores which only accept cryptocurrency. This makes it clear that the main goal of these hackers is to steal digital assets like crypto coins.

Another trick the attackers used was enterprise app developer tools. These allowed them to install apps outside the normal app store, especially on iPhones. Normally, iPhones do not allow apps to be installed from outside the App Store. But by using these developer tools, which are a legitimate mechanism, the attackers were able to bypass Apple’s security system.

Malware Found in Popular Apps and on Social Media

Hackers also spread SparkKitty using third-party websites and social media platforms. On Android, one of the apps used was a messaging app called SOEX, which also included crypto trading features. This app was downloaded over 10,000 times from the Google Play Store. While it looked like it worked normally, it was secretly stealing photos in the background.

Experts have also found APK files (Android app files) that were available for direct download from various websites. Most of these apps claimed to be crypto investment tools or trading platforms. These sites were promoted through YouTube and other social media platforms, making it easier for people to download them without suspecting anything.


After installation, these apps behaved normally. They didn’t crash or look suspicious. But behind the scenes, they were transmitting private images to the attackers. These images could later be used to look for recovery codes, secret keys, or even screenshots of crypto transactions.

Most infected apps were related to digital money or crypto wallets, and some fake versions of TikTok even included online shops that only accepted crypto. This shows that the attackers are clearly focused on stealing cryptocurrency from users in Southeast Asia and China.

Security experts are warning all users to be extra careful when downloading apps, especially if they are related to cryptocurrency, gambling, or social media platforms like TikTok. If an app is not from the official store or seems suspicious, it is safer not to download it. SparkKitty proves how sneaky and dangerous modern malware has become, and how it can affect both Android and iPhone users.

Renuka Bangale
Renuka is a distinguished Chartered Accountant and a Certified Digital Threats Analyst from Riskpro, renowned for her expertise in cybersecurity. With a deep understanding of cybercrimes, malware, cyber warfare, and espionage, she has established herself as an authority in the field. Renuka combines her financial acumen with advanced knowledge of digital threats to provide unparalleled insights into the evolving landscape of information security. Her analytical prowess enables her to dissect complex cyber incidents, offering clarity on risks and mitigation strategies. As a key contributor to Newsinterpretation’s information security category, Renuka delivers authoritative articles that educate and inform readers about emerging threats and best practices.
