New Mobile Spyware Steals Crypto Wallets: Apple and Google Stores Infiltrated!

Kaspersky Uncovers Dangerous Malware Targeting Seed Phrases

Hang on to your wallets, crypto fans! A sneaky new strain of mobile spyware is on the loose, and it's gunning straight for your crypto! This digital thief is snatching screenshots of your precious wallet seed phrases, and guess what? Some of these infected apps have managed to slip right past Apple and Google's defenses!

Kaspersky just blew the lid off this operation, revealing a new breed of mobile crypto malware that's zooming in on those seed phrase screenshots stashed in your phone's photo gallery. This bad boy's been spreading like wildfire through both Android and iOS apps, and some of them even made it onto the official app stores, including Google Play and Apple's App Store. Can you believe it?

This new malware, dubbed SparkKitty, is hitting users hard in Southeast Asia and China. It's like the evil twin of SparkCat, a nasty malware campaign we saw back in January. And just like its predecessor, SparkKitty's all about snagging those photos with your sensitive info.

But here's the kicker: this malware's hiding inside apps that look totally legit. We're talking TikTok mods, crypto trackers, gambling games, and even adult content apps. These apps are tricking users into installing a special developer profile, which lets the malware run wild outside your phone's usual app review protections. Sneaky, right?

Once it's in, the malware plays the waiting game until you open certain screens—like support chats—and then it hits you with a request to access your photo gallery. If you say yes, it quietly scans your images using optical character recognition to spot and steal those screenshots with text. It's like a digital pickpocket!

And get this: many of these fake apps are dripping with crypto themes, and some even have crypto-only stores. It's clear as day that stealing your seed phrases is the main prize they're after.

Take, for example, two apps that got called out in the reports: Soex Wallet Tracker and Coin Wallet Pro. Soex, which pretended to be a slick portfolio manager with real-time tracking, racked up over 5,000 downloads from Google Play before it got yanked. And Coin Wallet Pro, which strutted around as a secure multi-chain wallet, made a quick appearance on the App Store, gaining steam through social media ads and Telegram promotions before it got the boot.

Kaspersky's already sounded the alarm to both Apple and Google, and the infected apps have been kicked out of their stores. The researchers spilled that this campaign's been running since at least April 2024, with some samples dating back even further. So, keep your eyes peeled and your wallets locked down, crypto warriors!