How the ‘SparkKitty’ Trojan Is Stealing Crypto Wallet Data From Phones
A new Trojan named "SparkKitty" is infecting smartphones and stealing sensitive data, potentially allowing attackers to access victims' cryptocurrency wallets. The malware is found in apps related to crypto trading, gambling, and modified TikTok versions. It installs through deceptive provisioning profiles and requests access to the photo gallery, then builds a database of stolen images and uploads them to a remote server. The primary target is screenshots of crypto wallet seed phrases. SparkKitty mainly affects users in China and Southeast Asia but could spread globally.

In 2023, 70% of $2.2 billion in stolen crypto resulted from infrastructure attacks, with malware like SparkKitty facilitating thefts of wallet credentials. SparkKitty is linked to the SparkCat spyware campaign and is present in both Android and iOS app stores. Other crypto-targeting malware, such as Noodlophile, has also emerged, exploiting interest in AI. An international law enforcement effort recently targeted the LummaC2 malware, which has been involved in over 1.7 million theft attempts.