Particle.news

SparkKitty Malware Removed From App Stores After Photo-Theft Campaign

Security experts warn the spyware exfiltrated broad swaths of device images to harvest cryptocurrency recovery phrases

Overview

  • Kaspersky identified SparkKitty in ‘币coin’ on Apple’s App Store and ‘SOEX’ on Google Play before both apps were swiftly removed
  • The malware exploits iOS photo-gallery and Android storage permissions to upload images and device metadata to remote servers
  • Researchers link SparkKitty to the earlier SparkCat strain and note some variants use OCR to pinpoint and steal seed-phrase screenshots
  • Google says Play Protect, enabled by default on Android devices, blocks the malicious SOEX app and similar threats
  • Although apps have been pulled from official stores, the campaign—active since February 2024—continues through unofficial channels, risking crypto loss and potential extortion