Kaspersky researchers have identified a new Trojan spy, SparkKitty, which targets iOS and Android smartphones by sending images and device information to attackers. Embedded in apps related to cryptocurrency and gambling, as well as a trojanised TikTok app, SparkKitty has been distributed via the App Store, Google Play, and scam websites. The malware is believed to be aimed at stealing cryptocurrency assets, with users in Singapore and across Southeast Asia at risk.
SparkKitty is linked to the previously discovered SparkCat Trojan, which was the first of its kind on iOS to include an optical character recognition module capable of scanning image galleries for cryptocurrency wallet recovery phrases or passwords. This marks the second instance within a year that Kaspersky has found a Trojan stealer on the App Store.
The Trojan masquerades as legitimate apps, such as a crypto exchange app called 币coin on the App Store and a messenger app named SOEX on Google Play. Sergey Puzan, a malware expert at Kaspersky, explained that the malware was distributed through fake websites and special developer tools for corporate applications, embedding links to suspicious stores that only accept cryptocurrencies.
To mitigate the risk of infection, Kaspersky advises users to remove any infected applications, avoid storing sensitive information in their photo galleries, and use reliable cybersecurity software. Dmitry Kalinin, another Kaspersky expert, noted that the attackers are likely interested in digital assets, as many infected apps are crypto-related.
Kaspersky has alerted Google and Apple about the malicious apps, and a detailed report on the attack is available on Securelist.com. The discovery of SparkKitty underscores the ongoing threat of cyberattacks targeting digital assets in the region.
“`
