Edward
Jakarta, June 26, 2025 — Cybersecurity researchers have uncovered a new threat called SparkKitty, a dangerous malware that hides inside mobile apps and silently steals the entire photo gallery from Android and iPhone users. Even worse, this malware is designed to search for crypto wallet recovery phrases (seed phrases) that are often saved as screenshots.
SparkKitty is an evolved version of the earlier SparkCat malware discovered earlier this year. However, SparkKitty is far more aggressive, stealing every photo on the device, not just selected ones. Using OCR (Optical Character Recognition) technology, it scans images for text, such as crypto seed phrases, private notes, or sensitive documents.
How Does This Malware Spread?
SparkKitty has been found hidden inside popular apps that successfully made it into the Google Play Store and Apple App Store. For example, an app called 币coin (a crypto tracker) was listed on the App Store, and a messaging app named SOEX was downloaded over 10,000 times on Google Play before being taken down.
The threat doesn’t end there. SparkKitty also spreads via malicious links, third-party APKs, and fake iOS configuration profiles. Once installed, the fake app will request access to your photo gallery or storage. If granted, the malware will routinely upload all your photos to the attacker’s server – including any new images added over time.
What Is SparkKitty Looking For?
SparkKitty’s main target is your crypto wallet seed phrase — the 12 or 24 secret words used to access digital wallets like MetaMask, Trust Wallet, or others. Many users take screenshots of these phrases and store them on their phones, unaware that this makes them extremely vulnerable to theft.
However, the danger goes beyond crypto. All kinds of personal photos, important documents, and private content in your gallery could also be stolen. This opens the door to data abuse, blackmail, or serious privacy breaches.
Who Is Being Targeted?
According to reports from cybersecurity firm Kaspersky, the malware first spread in regions like Southeast Asia and China, but it has the potential to expand globally. Because it’s a cross-platform threat affecting both Android and iOS, all smartphone users should be on alert.
How to Protect Yourself from SparkKitty
To avoid becoming a victim of SparkKitty or similar threats, cybersecurity experts recommend the following actions:
- 🔒 Install Only from Trusted Sources
While SparkKitty has made its way into official app stores, the risk is significantly higher when using third-party sources. Check app reviews, developer names, and the permissions requested. - 📷 Watch for Unnecessary Gallery or Storage Access
If an app that doesn’t need access to photos suddenly asks for it, deny the request and uninstall the app. - 🧹 Regularly Remove Unused Apps
Unused apps can pose silent risks. Do a digital “spring cleaning” every few weeks. - 🧾 Never Save Your Seed Phrase as a Photo
Write down your crypto recovery phrase and keep it safe. Alternatively, use a password manager with encryption to store sensitive information safely. - 🔐 Enable Extra Security Features
On Android, make sure Google Play Protect is turned on. On iOS, avoid installing profiles or certificates from unknown sources.
Conclusion
SparkKitty is a clear sign that malware is becoming smarter and more invasive. It doesn’t just steal passwords or technical data—it attacks the most personal part of your device: your photo gallery. It is imperative that you protect your private information in the modern digital world.
Never take app permissions lightly. Know what you’re granting, why it’s needed, and what the risks are. A one thoughtless click can cost you money, peace of mind, and privacy.
