Particle.news

SparkKitty Malware Discovered in Google Play and App Store but Threat Persists

Researchers warn that the spyware uses optical character recognition to harvest seed phrase screenshots for unauthorized access.

Overview

  • Kaspersky researchers identified SparkKitty embedded in the 币coin app on iOS and the SOEX app on Android, both of which have been removed from official stores.
  • The malware requests photo gallery access on iOS and storage permissions on Android to exfiltrate images along with device identifiers and metadata.
  • Some SparkKitty variants use Google ML Kit’s optical character recognition to detect text in images before uploading files to attacker servers.
  • Google confirmed that Play Protect automatically blocks SparkKitty on Android devices regardless of where the app was downloaded.
  • Active since February 2024 as a successor to SparkCat, the campaign continues through sideloaded and clone-store apps, prompting advice to revoke unnecessary permissions and store seed phrases offline.