SparkKitty Malware Overview

A sophisticated Trojan known as SparkKitty has been actively targeting iOS and Android devices since early 2024, spreading through official app stores and untrusted websites to steal images from users’ galleries. This campaign, an evolution of the earlier SparkCat operation, poses a significant threat, particularly in Southeast Asia and China, by exfiltrating personal photos and potentially capturing sensitive data such as cryptocurrency wallet seed phrases.


Distribution Methods

SparkKitty has successfully bypassed app store vetting processes, embedding itself in seemingly legitimate applications such as 币coin (a cryptocurrency tracker) and SOEX (a messaging platform with trading features).


The SOEX app alone garnered over 10,000 downloads before its removal from Google Play, showcasing the malware's ability to spread through trusted platforms.

On iOS, SparkKitty exploits enterprise provisioning profiles to sideload malicious apps, circumventing Apple’s standard review process and traditional security measures.
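A defender-side check for the enterprise-profile vector described above, as an added example that is not from the original article: it reads the `embedded.mobileprovision` file shipped inside an iOS app bundle and flags in-house (enterprise) profiles whose team is not on an allow-list. The sample blobs, team IDs, and the `triage` and `_wrap` helpers are constructed for illustration.

```python
import plistlib

def extract_plist(blob: bytes) -> dict:
    """Return the XML plist carried inside a CMS-signed .mobileprovision blob."""
    start, end = blob.find(b"<?xml"), blob.find(b"</plist>")
    if start == -1 or end < start:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify_profile(profile: dict) -> str:
    """Map provisioning-profile keys to a distribution type."""
    if profile.get("ProvisionsAllDevices") is True:
        return "enterprise"              # in-house profile: installs on any device
    if "ProvisionedDevices" in profile:  # explicit list of device UDIDs
        debuggable = profile.get("Entitlements", {}).get("get-task-allow")
        return "development" if debuggable else "ad-hoc"
    return "app-store"

def triage(blob: bytes, allowed_teams: set) -> dict:
    """Flag enterprise profiles whose team ID is not on the allow-list."""
    profile = extract_plist(blob)
    kind = classify_profile(profile)
    team_ids = profile.get("TeamIdentifier", [])
    flagged = kind == "enterprise" and not set(team_ids) & allowed_teams
    return {"kind": kind, "team": profile.get("TeamName"),
            "team_ids": team_ids, "flagged": flagged}

def _wrap(profile: dict) -> bytes:
    # Constructed stand-in for the binary CMS envelope around the plist.
    return b"\x30\x82\x0f\x00" + plistlib.dumps(profile) + b"\x00\x01signature"

# Constructed sample profiles (not taken from any real app).
SAMPLE_ENTERPRISE = _wrap({
    "Name": "Example In-House", "TeamName": "Example Corp",
    "TeamIdentifier": ["ZZZZ999999"], "ProvisionsAllDevices": True,
    "Entitlements": {"get-task-allow": False}})
SAMPLE_ADHOC = _wrap({
    "Name": "Example Ad Hoc", "TeamName": "Own Org",
    "TeamIdentifier": ["ABCDE12345"],
    "ProvisionedDevices": ["constructed-udid-0001"],
    "Entitlements": {"get-task-allow": False}})

if __name__ == "__main__":
    for sample in (SAMPLE_ENTERPRISE, SAMPLE_ADHOC):
        print(triage(sample, allowed_teams={"ABCDE12345"}))
```
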

"NPAV recommends that home users and organizations maintain strong, up-to-date cybersecurity measures. Install NPAV on your desktop, laptop, and mobile devices to ensure world-class protection against fraud, malware, and ransomware attacks.

Choose NPAV and be a part of our mission to make the digital world safer for everyone."