A new strain of mobile spyware is targeting cryptocurrency users by stealing screenshots of wallet seed phrases, with some infected apps bypassing the defenses of major app stores like Apple's App Store and Google Play.
New Crypto Malware Targets Seed Phrases
Researchers have identified a novel strain of mobile crypto malware, named SparkKitty, that focuses on stealing screenshots containing sensitive information, such as wallet seed phrases. This malicious software has been spreading through both Android and iOS platforms, with several infected apps successfully infiltrating official app stores before being removed. The primary targets of this malware are users in Southeast Asia and China.
How SparkKitty Operates
Much like its predecessor, SparkCat, which was uncovered in January, SparkKitty is designed to extract sensitive information from users’ devices. The malware disguises itself within seemingly legitimate apps, including TikTok mods, cryptocurrency trackers, gambling games, and adult content platforms. These apps trick users into installing a special developer profile, bypassing standard app review protections and enabling the malware to operate undetected.
Once installed, SparkKitty activates when users interact with specific screens, such as support chats or wallet interfaces. The malware then requests access to the phone’s photo gallery. If granted, it scans the images using optical character recognition (OCR) technology to identify and exfiltrate screenshots that contain seed phrases or other critical text.
Apps Implicated in the Campaign
Several apps associated with this malware had strong crypto-related themes, suggesting that the primary objective was to collect wallet seed phrases. Two notable examples flagged in reports include:
- Soex Wallet Tracker: Posing as a portfolio management tool with real-time tracking features, this app was downloaded over 5,000 times from Google Play before being removed.
- Coin Wallet Pro: Marketed as a secure multi-chain wallet, this app briefly appeared on the App Store, gaining popularity through social media ads and Telegram promotions.
Security Measures and Timeline
Security researchers have notified both Apple and Google about the affected apps, which have since been removed from their respective stores. According to reports, this malware campaign has been active since at least April 2024, with some samples suggesting even earlier origins.
Tips to Protect Your Crypto Wallet
To safeguard your cryptocurrency assets and prevent malware attacks, consider the following precautions:
- Download Apps Only from Trusted Sources: Stick to official app stores and verify the authenticity of the developers before downloading any app.
- Limit Permissions: Be cautious when granting apps access to your photo gallery, contacts, or other sensitive data. If an app requests unnecessary permissions, it could be a red flag.
- Keep Your Device Updated: Regularly update your phone's operating system and apps to ensure you have the latest security patches.
- Use a Hardware Wallet: For maximum security, store your seed phrases offline in a hardware wallet rather than saving them on your phone.
- Enable Two-Factor Authentication (2FA): Add an extra layer of protection to your cryptocurrency accounts by enabling 2FA.
As the cryptocurrency space continues to grow, so do the risks associated with digital asset storage. Remaining vigilant and adhering to best practices can significantly reduce your exposure to potential threats.