SparkKitty Malware: Stealing Photos from iOS and Android Users
A sophisticated Trojan malware known as SparkKitty has been actively targeting iOS and Android devices since early 2024, infiltrating official app stores and untrusted websites to steal images from users’ galleries. This campaign, an evolution of the previous SparkCat operation, poses significant threats, particularly in Southeast Asia and China, by exfiltrating personal photos and potentially capturing sensitive data like cryptocurrency wallet seed phrases.
Distribution Methods
SparkKitty has successfully bypassed app store vetting processes, embedding itself in seemingly legitimate applications such as 币coin (a cryptocurrency tracker) and SOEX (a messaging platform with trading features).
The SOEX app alone garnered over 10,000 downloads before its removal from Google Play, showcasing the malware's ability to spread through trusted platforms.
On iOS, SparkKitty exploits enterprise provisioning profiles to sideload malicious apps, circumventing Apple’s standard review process and traditional security measures.
Comment(s)
Categories
- Other (43)
- Ransomware (154)
- Events and News (27)
- Features (45)
- Security (487)
- Tips (79)
- Google (29)
- Achievements (11)
- Products (36)
- Activation (7)
- Dealers (1)
- Bank Phishing (53)
- Malware Alerts (232)
- Cyber Attack (303)
- Data Backup (13)
- Data Breach (130)
- Phishing (165)
- Securty Tips (2)
- Browser Hijack (19)
- Adware (15)
- Email And Password (71)
- Android Security (77)
- Knoweldgebase (38)
- Botnet (17)
- Updates (4)
- Alert (71)
- Hacking (71)
- Social Media (8)
- vulnerability (75)
- Hacker (38)
- Spyware (12)
- Windows (8)
- Microsoft (25)
- Uber (1)
- YouTube (1)
- Trojan (4)
- Website hacks (10)
- Paytm (1)
- Credit card scam (2)
- Telegram (3)
- RAT (8)
- Bug (3)
- Twitter (2)
- Facebook (8)
- Banking Trojan (9)
- Mozilla (2)
- COVID-19 (5)
- Instagram (3)
- NPAV Announcement (9)
- IoT Security (2)
- Deals and Offers (2)
- Cloud Security (12)
- Offers (5)
- Gaming (1)
- FireFox (2)
- LinkedIn (3)
- WhatsApp (6)
- Amazon (2)
- DMart (1)
- Payment Risk (5)
- Occasion (3)
- firewall (3)
- Cloud malware (2)
- Cloud storage (2)
- Financial fraud (47)
- Impersonation phishing (1)
- DDoS (7)
- Smishing (2)
- Whale (0)
- Whale phishing (4)
- WINRAR (2)
- ZIP (2)
- Fraud Protector (36)
Recent Posts
Archive
Tags
cybersecurity
cybercrime
cyber attack
phishing
phishing attacks
data breach
cyber threats
data theft
phishing attack
malware
cyber fraud
android malware
credential theft
cybersecurity threats
ransomware
financial fraud
ransomeware
social engineering
data protection
financial security
cyber security
#cybersecurity
cyberthreats
phishingattack
network security
cyber threat
malware distribution
identity theft
security vulnerabilities
cert-in
data stealing
ransomware attacks
cyber crime
phishing scam
online fraud
data security
ddos attack
critical vulnerability
phishing email
ransomware attack
microsoft
cyber attacks
digital safety
twitter
ddos
india
cybercriminals
cyberattack
trojan
malware attack
