Kaspersky flags new crypto malware targeting seed phrase screenshots
A new strain of mobile spyware is targeting crypto users by stealing screenshots of their wallet seed phrases, with some infected apps slipping past Apple and Google's store defenses.
Kaspersky has uncovered a new strain of mobile crypto malware that targets screenshots of seed phrases in crypto users' phone picture galleries. The malware was spreading through both Android and iOS apps, some of which made it onto official app stores, including Google Play and Apple's App Store.
Targeting mainly users in Southeast Asia and China, the new malware, dubbed SparkKitty, appears to be a relative of SparkCat, an earlier malware campaign found in January. Like SparkCat, this new variant focuses on stealing images containing sensitive info.
The malware is hidden inside seemingly legitimate apps, including TikTok mods, crypto trackers, gambling games, and adult content apps. These apps trick users into installing a developer profile, which allows the malware to run outside of the phone's typical app review protections.
Once installed, the malware waits until the user opens particular screens (e.g. support chats) and then requests access to the picture gallery. If access is granted, it quietly scans images using optical character recognition to identify and steal screenshots containing text.
Several of the fake apps had strong crypto themes, and several included crypto-only stores, suggesting that seed phrase collection was the goal.
Two apps flagged in the reports were Soex Wallet Tracker and Coin Wallet Pro. Soex, which posed as a portfolio manager with real-time tracking functions, was downloaded over 5,000 times from Google Play before it was pulled. Coin Wallet Pro, which marketed itself as a secure multi-chain wallet, appeared briefly on the App Store, gaining traction through social media ads and Telegram promos before its removal.
Kaspersky has informed both Apple and Google, and the affected apps have since been removed from their stores. The researchers said the campaign had been running since at least April 2024, with some samples dating back even earlier.
Source: crypto.news