A new mobile malware called SparkKitty is actively targeting both iPhones and Android devices. It steals users’ private photos and screenshots by secretly siphoning them from infected phones.
Kaspersky researchers have warned that the malware has been active since early 2024, infiltrating even the official Apple App Store and Google Play. It spread through seemingly harmless apps like the crypto-themed “币coin” on iOS and the SOEX messaging app on Android. Once installed, these apps requested access to users’ photo galleries and then silently uploaded the images to hackers’ servers.
Unlike its predecessor, SparkCat, SparkKitty Spyware targets more than just crypto-wallet seed phrases. It scans entire photo libraries—including everyday snapshots—for sensitive content. Using optical character recognition (OCR), it identifies screenshots containing text, especially those related to finances or identity, and transmits them to attackers.
Read More: Google Chrome might get a new privacy feature
Experts say SparkKitty begins operating silently as soon as users grant permissions. On iOS, it bypasses App Store rules by exploiting developer provisioning profiles. On Android, it hides within Java or Kotlin code in apps that appear legitimate. Once installed, it uploads both existing images and any new ones in near real time.
Kaspersky advises users to avoid taking screenshots of sensitive information like crypto seed phrases and to rely on physical backups instead. They recommend that Android users enable Google Play Protect and use antivirus software, while iPhone users should consider using third-party Mac-based tools to detect hidden malware.
[embedpost slug=”meta-faces-million-crown-daily-fine-in-norway-for-privacy-breaches/”]
 
								 
															


















