Cryptocurrency Users Face New Threat From SparkKitty Malware

Generated by AI AgentCoin World
Tuesday, Jun 24, 2025 10:31 am ET1min read
AAPL
--

SparkKitty, a newly discovered mobile malware, has been identified by cybersecurity researchers as a significant threat to cryptocurrency users. This malware specifically targets users by infiltrating their mobile devices and scanning photo galleries for screenshots of crypto wallet seed phrases. Unlike previous malware such as SparkCat, which used optical character recognition (OCR) to analyze images before stealing, SparkKitty indiscriminately grabs all photos, exploiting the common practice of saving seed phrases as screenshots.

SparkKitty spreads through seemingly legitimate crypto-themed

apps
available on both the
Apple
App Store and Google Play. On iOS, an app named “币 coin” passed Apple’s review process and appeared in the App Store. On Android, the malware was embedded in an app called SOEX, disguised as a messaging app with crypto exchange features. SOEX was downloaded over 10,000 times before its removal. Additionally, cybercriminals distribute SparkKitty via third-party sites, offering fake TikTok mods and entertainment apps. iOS users are tricked into installing developer profiles to bypass App Store protections.

Most victims so far are in China and Southeast Asia, but the malware’s code does not limit its reach, meaning anyone worldwide could be at risk. Cybersecurity experts warn that the malware’s infiltration of official app stores underlines the need for constant vigilance, even with apps that seem safe. Seed phrases give full access to crypto wallets, and with SparkKitty harvesting them from galleries, crypto investors are facing a real and growing risk.

To protect against SparkKitty, users are advised to avoid apps that request photo access without reason, never store seed phrases as screenshots, and delete any crypto-related screenshots immediately. It is also recommended to stick to apps from verified developers and, on iOS, remove unknown device profiles via Settings → General → Device Management. Considering the use of a trusted antivirus tool to detect malicious activity is also a prudent measure.

The discovery of SparkKitty highlights the advanced nature of this threat and the need for heightened vigilance and improved security practices among cryptocurrency users. As the malware continues to evolve, it is crucial for users to stay informed and take proactive steps to safeguard their digital assets.