{"id":3826,"date":"2025-06-24T08:33:00","date_gmt":"2025-06-24T08:33:00","guid":{"rendered":"https:\/\/bitunikey.com\/news\/kaspersky-flags-new-crypto-malware-targeting-seed-phrase-screenshots\/"},"modified":"2025-06-24T08:33:03","modified_gmt":"2025-06-24T08:33:03","slug":"kaspersky-flags-new-crypto-malware-targeting-seed-phrase-screenshots","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/kaspersky-flags-new-crypto-malware-targeting-seed-phrase-screenshots\/","title":{"rendered":"Kaspersky flags new crypto malware targeting seed phrase screenshots"},"content":{"rendered":"<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">A new strain of mobile spyware is targeting crypto users by stealing screenshots of their wallet seed phrases, with some infected apps slipping past Apple and Google\u2019s store defenses.<\/p>\n<p>Kaspersky has <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/securelist.com\/sparkkitty-ios-android-malware\/116793\/\" target=\"_blank\">uncovered<\/a> a new strain of mobile crypto malware that targets screenshots of seed phrases from crypto users\u2019 phone photo galleries. The malware was spreading through both Android and iOS apps, some of which made it onto official app stores, including Google Play and Apple\u2019s App Store. <\/p>\n<p>Targeting primarily users in Southeast Asia and China, the new malware dubbed SparkKitty appears to be a relative of SparkCat, a previous malware campaign discovered in January. Like SparkCat, this new variant focuses on stealing photos containing sensitive information.<\/p>\n<p>The malware is hidden inside seemingly legitimate apps, including TikTok mods, crypto trackers, gambling games, and adult content apps. These apps trick users into installing a special developer profile, which allows the malware to run outside of the phone\u2019s usual app review protections. <\/p>\n<p>Once installed, the malware waits until the user opens specific screens (e.g. a support chats) and then asks for access to the photo gallery. If granted, it quietly scans images using optical character recognition to identify and steal screenshots containing text. <\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<p>Many of the fake apps had strong crypto themes, and several included crypto-only stores, suggesting that seed phrase collection was the goal.<\/p>\n<p>For example, two apps flagged in the reports were\u00a0Soex Wallet Tracker\u00a0and\u00a0Coin Wallet Pro. Soex, which posed as a portfolio manager with real-time tracking features, was downloaded over 5,000 times from Google Play before it was pulled. <\/p>\n<figure class=\"wp-block-image size-full\"><picture decoding=\"async\" class=\"wp-image-14391244\"><source type=\"image\/webp\" ><\/source><\/p>\n<\/picture><figcaption class=\"wp-element-caption\">Source: <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/securelist.com\/sparkkitty-ios-android-malware\/116793\/\" target=\"_blank\">securelist.com<\/a><\/figcaption><\/figure>\n<p>Coin Wallet Pro, which marketed itself as a secure multi-chain wallet, appeared briefly on the App Store, gaining traction through social media ads and Telegram promotions before its removal. <\/p>\n<figure class=\"wp-block-image size-full\"><picture loading=\"lazy\" decoding=\"async\" class=\"wp-image-14391247\"><source type=\"image\/webp\" ><\/source><br \/>\n<img loading=\"lazy\" decoding=\"async\" width=\"1100\" height=\"1142\" src=\"https:\/\/bitunikey.com\/news\/wp-content\/uploads\/2025\/06\/1750753980_887_Kaspersky-flags-new-crypto-malware-targeting-seed-phrase-screenshots.png\" alt=\"Kaspersky flags new crypto malware targeting seed phrase screenshots - 2\">\n<\/picture><figcaption class=\"wp-element-caption\">Source: <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/securelist.com\/sparkkitty-ios-android-malware\/116793\/\" target=\"_blank\">securelist.com<\/a><\/figcaption><\/figure>\n<p>Kaspersky has notified both Apple and Google, and the affected apps have since been removed from their stores. The researchers said the campaign had been running since at least\u00a0April 2024, with some samples dating back even earlier.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A new strain of mobile spyware is targeting crypto users by stealing screenshots of their wallet seed phrases, with some infected apps slipping past Apple and Google\u2019s store defenses. Kaspersky&hellip;<\/p>\n","protected":false},"author":1,"featured_media":1229,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3826","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/3826","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=3826"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/3826\/revisions"}],"predecessor-version":[{"id":3827,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/3826\/revisions\/3827"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/1229"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=3826"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=3826"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=3826"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}