The novel SparkKitty malware is scouring photos on Android and iOS devices, particularly screenshots of cryptocurrency wallet recovery phrases, to enable the theft of cryptowallets as part of an attack campaign that has been underway since February, according to BleepingComputer.
Threat actors have spread SparkKitty, which is believed to be descended from SparkCat, not only through the SOEX messaging app on Google Play and the coin app on the Apple App Store but also via counterfeit TikTok apps on unofficial app stores, a report from Kaspersky revealed. When executed on Android devices, SparkKitty retrieves and decrypts a remote configuration file to obtain its command-and-control URLs, then requests storage permissions for image access and uploads images along with their respective identifiers and metadata. On iOS devices, access to the photo gallery allows SparkKitty to track modifications and pilfer any newly added images. Both Google and Apple have already removed the offending apps from their respective stores.