SparkKitty Malware: Crypto Seed Phrase Thief

SparkKitty malware steals seed phrase screenshots via crypto apps on iOS/Android—learn how it works and ways to protect your wallet.

Photo of Aurelien Sage Aurelien Sage Follow on X Send an email June 24, 2025 - 6:00 PM
15 1 minute read
Smartphone gallery with stolen seed phrase screenshot — SparkKitty malware risk
Market
  • SparkKitty steals gallery images, seeking crypto seed‑phrase screenshots.
  • Distributed via disguised crypto apps on App Store & Google Play.
  • Users in Southeast Asia/China targeted; global expansion possible.

Discovered by Kaspersky in June 2025, SparkKitty is a photo-stealing malware that targets iOS and Android users. It spreads through crypto-themed apps that seem legitimate but are designed to access the user’s photo gallery. Once installed, SparkKitty scans images—especially screenshots of wallet seed phrases—and sends them to a remote server controlled by attackers.

magacoinfinance

Unlike earlier malware like SparkCat, which uses OCR to analyze images before stealing, SparkKitty grabs all photos indiscriminately, likely aiming to exploit the common practice of saving seed phrases as screenshots.

How It Spreads

Infected Apps

On iOS, an app named “币 coin” passed Apple’s review process and appeared in the App Store. On Android, the malware was embedded in an app called SOEX, disguised as a messaging app with crypto exchange features. SOEX was downloaded over 10,000 times before removal.

Phishing Websites

Cybercriminals also distribute SparkKitty via third-party sites, offering fake TikTok mods and entertainment apps. iOS users are tricked into installing developer profiles to bypass App Store protections.

Who’s Affected and What to Do

Target Regions

Most victims so far are in Southeast Asia and China, but SparkKitty’s code doesn’t limit its reach—meaning anyone worldwide could be at risk.

Protection Tips

  • Avoid apps that request photo access without reason.
  • Never store seed phrases as screenshots.
  • Delete any crypto-related screenshots immediately.
  • Stick to apps from verified developers.
  • On iOS, remove unknown device profiles via Settings → General → Device Management.
  • Consider using a trusted antivirus tool to detect malicious activity.

Why It Matters

Seed phrases give full access to crypto wallets. With SparkKitty harvesting them from galleries, crypto investors are facing a real and growing risk. The malware’s infiltration of official app stores underlines the need for constant vigilance—even with apps that seem safe.

Read Also :

Disclaimer: The content on CoinoMedia is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency investments carry risks, and readers should conduct their own research before making any decisions. CoinoMedia is not responsible for any losses or actions taken based on the information provided.
Tags
Photo of Aurelien Sage Aurelien Sage Follow on X Send an email June 24, 2025 - 6:00 PM
15 1 minute read
Photo of Aurelien Sage

Aurelien Sage

Aurelien Sage is a blockchain enthusiast and writer, crafting insightful articles on decentralized technologies, Web3, and the future of finance. His work simplifies complex concepts, empowering readers to navigate the evolving crypto landscape with confidence.

Related Articles

Ethereum resistance zone around $4.7K on price chart

Ethereum Stalls Again at $4.7K Resistance Zone

August 18, 2025 - 2:30 PM
Cathie Wood predicts Bitcoin could increase 15x in value by 2030

Cathie Wood Predicts Bitcoin Could Surge 15x by 2030

August 18, 2025 - 2:15 PM
CMBI crypto trading platform launched in Hong Kong

CMBI Launches 24/7 Crypto Trading in Hong Kong

August 18, 2025 - 2:00 PM
Ethereum ETFs see record $2.85B weekly inflows beating Bitcoin

Ethereum ETFs Outshine Bitcoin with $2.85B Inflows

August 18, 2025 - 1:45 PM
Back to top button