This malware is capable of stealing photos and device information, then sending them to the hacker's server. SparkKitty often appears in applications related to cryptocurrency, betting games, and a fake version of TikTok. They are spread through the App Store, Google Play and also phishing websites. This attack campaign is said to target users in Southeast Asia and China, including Vietnam.
Kaspersky has warned Apple and Google about the malicious apps involved. Some details show that SparkKitty is related to SparkCat – a malware that has attracted attention for using OCR technology to scan screenshots to find passwords or recovery phrases for cryptocurrency wallets. This is the second time this year that experts have recorded a data-stealing Trojan appearing on the App Store.
A fake App Store website that tricks users into installing the TikTok app, and a fake online store embedded in the fake TikTok app
On iOS, SparkKitty is disguised as 币coin, a cryptocurrency app. Additionally, fake App Store websites are spreading malware-infected versions of TikTok and gambling games. Hackers are using a developer tool to install the app outside the legitimate App Store. When users log in to the fake TikTok, the malware immediately accesses their photo library and places a malicious link in their profile – leading to a store that only accepts cryptocurrency payments.
Kaspersky expert Sergey Puzan warned: “The misuse of developer tools to spread malware is a worrying trend, as it bypasses iOS protection barriers. In particular, phishing websites are becoming more and more sophisticated, making it easy for users to be tricked into installing the wrong code.”
Fake SOEX Cryptocurrency Exchange App on Google Play
For Android, SparkKitty is also distributed via Google Play and external websites, hidden in cryptocurrency apps. One example is SOEX, a messaging app with integrated cryptocurrency trading functionality, which has had more than 10,000 downloads. In addition, third-party APK files also contain malicious code, which are heavily promoted on social networks such as YouTube, TikTok, and Facebook.
“The malware works invisibly, sending images to the attack server. These images can contain recovery keys for cryptocurrency wallets, allowing hackers to steal assets,” said expert Dmitry Kalinin. The fact that most of the infected apps are related to cryptocurrencies suggests that the main goal is to steal digital assets.
Users are advised not to install applications from untrusted sources, carefully check developer information and use mobile security solutions.
A detailed report on this attack campaign is posted on Securelist.com.
Source: https://nld.com.vn/canh-bao-trojan-sparkkitty-gia-mao-tiktok-tan-cong-nguoi-dung-ios-va-android-196250627073413671.htm
![[Photo] Joy on the new Phong Chau bridge](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/28/b00322b29c8043fbb8b6844fdd6c78ea)
![[Photo] National Assembly Chairman Tran Thanh Man presided over the welcoming ceremony for Chairman of the State Duma of the Russian Federation Vyacheslav Volodin](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/28/889b54ac5cd440099ddc618c99663612)
![[Photo] The 4th meeting of the Inter-Parliamentary Cooperation Committee between the National Assembly of Vietnam and the State Duma of Russia](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/28/9f9e84a38675449aa9c08b391e153183)
![[Photo] High-ranking delegation of the Russian State Duma visits President Ho Chi Minh's Mausoleum](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/28/c6dfd505d79b460a93752e48882e8f7e)
Comment (0)