ExchangeDEX+

Buy Crypto Markets Spot Futures500X Earn Events

A new strain of mobile spyware is targeting crypto users by stealing screenshots of their wallet seed phrases, with some infected apps slipping past Apple and Google’s store defenses. Kaspersky has uncovered a new strain of mobile crypto malware that…A new strain of mobile spyware is targeting crypto users by stealing screenshots of their wallet seed phrases, with some infected apps slipping past Apple and Google’s store defenses. Kaspersky has uncovered a new strain of mobile crypto malware that…

Kaspersky flags new crypto malware targeting seed phrase screenshots

Author: Crypto.news

Source: Crypto.news

2025/06/24 16:31

MOBILE$0.0002203-0.13%

SEED$0.0004719-0.84%

WALLET$0.01467+1.66%

A new strain of mobile spyware is targeting crypto users by stealing screenshots of their wallet seed phrases, with some infected apps slipping past Apple and Google’s store defenses.

Kaspersky has uncovered a new strain of mobile crypto malware that targets screenshots of seed phrases from crypto users’ phone photo galleries. The malware was spreading through both Android and iOS apps, some of which made it onto official app stores, including Google Play and Apple’s App Store.

Targeting primarily users in Southeast Asia and China, the new malware dubbed SparkKitty appears to be a relative of SparkCat, a previous malware campaign discovered in January. Like SparkCat, this new variant focuses on stealing photos containing sensitive information.

The malware is hidden inside seemingly legitimate apps, including TikTok mods, crypto trackers, gambling games, and adult content apps. These apps trick users into installing a special developer profile, which allows the malware to run outside of the phone’s usual app review protections.

Once installed, the malware waits until the user opens specific screens (e.g. a support chats) and then asks for access to the photo gallery. If granted, it quietly scans images using optical character recognition to identify and steal screenshots containing text.

Many of the fake apps had strong crypto themes, and several included crypto-only stores, suggesting that seed phrase collection was the goal.

For example, two apps flagged in the reports were Soex Wallet Tracker and Coin Wallet Pro. Soex, which posed as a portfolio manager with real-time tracking features, was downloaded over 5,000 times from Google Play before it was pulled.

Kaspersky flags new crypto malware targeting seed phrase screenshots - 1

Coin Wallet Pro, which marketed itself as a secure multi-chain wallet, appeared briefly on the App Store, gaining traction through social media ads and Telegram promotions before its removal.

Kaspersky flags new crypto malware targeting seed phrase screenshots - 2

Kaspersky has notified both Apple and Google, and the affected apps have since been removed from their stores. The researchers said the campaign had been running since at least April 2024, with some samples dating back even earlier.

Market Opportunity

Helium Mobile Price(MOBILE)

$0.0002203

$0.0002203$0.0002203

-0.22%

USD

Helium Mobile (MOBILE) Live Price Chart

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.