Security
Kaspersky finds Spy Trojan ‘SparkKitty’ on App Store and Google Play, Targeting Asian Crypto Users
2025-07-02
Cybersecurity firm Kaspersky has uncovered a new cross-platform Trojan spyware named SparkKitty, targeting both iOS and Android users via apps found on Apple’s App Store, Google Play, and third-party websites. Disguised as legitimate applications related to cryptocurrency, gambling, and even a trojanized TikTok app, SparkKitty steals sensitive information from users’ devices, particularly photos and device data. These stolen images may contain critical credentials like cryptocurrency wallet recovery phrases, which attackers can use to access victims’ digital assets.
On iOS, SparkKitty was spread through fake websites mimicking the official App Store, distributing counterfeit TikTok and crypto apps. One such app, “币coin,” posed as a crypto platform. The malware used Apple’s developer tools, which allow enterprise apps to be installed outside the App Store, to infect devices. Upon installation, the malicious TikTok clone linked to a suspicious e-commerce store accepting only cryptocurrency payments, raising red flags about potential fraudulent activities.
On Android, SparkKitty infiltrated devices through both Google Play and unofficial sites. A crypto messaging app named SOEX, downloaded over 10,000 times, was among the infected apps. Despite functioning as described, these apps secretly transmitted gallery photos to the attackers. Kaspersky suspects that attackers scan these images using optical character recognition (OCR) to locate wallet phrases and login credentials. Many of these fake apps were advertised on YouTube and social media, tricking users into downloading them from phishing websites.
SparkKitty is likely connected to an earlier malware strain called SparkCat, also identified by Kaspersky, making this the second serious spyware discovery on the App Store within a year. Google and Apple have been notified about the compromised apps.
Indian users are also at risk, especially those dealing with crypto assets. Kaspersky urges users to delete suspicious apps immediately, avoid saving screenshots with sensitive data, and use tools like Kaspersky Premium or a password manager to secure credentials. A full technical report is available on Securelist.com.