
A newly discovered Trojan named SparkKitty is infecting smartphones through apps related to crypto trading, gambling, and modified TikTok versions, targeting users primarily in China and Southeast Asia. Once installed, the malware abuses provisioning profiles to gain access to the device's photo gallery, builds a local database of the images it finds, and uploads them to remote servers. Its main goal appears to be capturing cryptocurrency wallet seed phrases, which are all an attacker needs to take over a user's crypto wallet.
SparkKitty operates on both Android and iOS devices, disguising itself as crypto tools and TikTok mod apps available on official app stores. It is linked to the earlier SparkCat spyware campaign but differs in its collection strategy: rather than using OCR to select only the images that contain seed phrases, it uploads every photo indiscriminately for later processing. Security firms warn that SparkKitty could spread globally beyond its current focus regions.
This Trojan is part of a broader rise in malware targeting cryptocurrencies, joining threats like Noodlophile, which exploits AI tool downloads, and LummaC2, recently disrupted by international law enforcement after being linked to more than 1.7 million attempts at credential theft. According to TRM Labs’ 2024 report, nearly 70% of the $2.2 billion stolen in crypto last year came from infrastructure attacks involving seed phrase and private key theft, underscoring how Trojans like SparkKitty facilitate these significant losses.
Cybercriminals use these sophisticated infections to siphon sensitive data from infected devices, enabling full access to victims' wallets. The growing prevalence of such malware highlights the escalating risks facing cryptocurrency holders worldwide as attackers continue to innovate methods to breach security and exploit users’ personal information.