Kaspersky reveals new virus, specializing in encrypted user mnemonic screenshots

BlockBeats News: On June 24th, cybersecurity company Kaspersky stated that the malicious software called SparkKitty has been active since at least early 2024 and may be related to a similar malicious program called SparkCat. This cybersecurity company stated in a report on Monday that SparkKitty specifically stole photos from infected devices in order to find mnemonic screenshots of encrypted wallets. Kaspersky analysts Sergey Puzan and Dmitry Kalinin stated that the malware targets both iOS and Android platforms and spreads by infiltrating some applications on the Apple App Store and Google Play. Once the device is infected, the malicious program will indiscriminately steal all the images in the album. Although we suspect that the attacker's main target is the mnemonic screenshots of the encrypted wallet, the stolen images may also contain other sensitive data The two applications discovered by Kaspersky for spreading this malicious software are both related to cryptocurrency. One of the applications, called 'Coin', disguised as an encrypted information tracker, was once listed on the App Store. Another application called SOEX is a communication software with "cryptocurrency trading function", which has been downloaded over 10000 times on Google Play. The application has been downloaded over 10000 times after being uploaded to Google Play. We have informed Google that the app has been removed from the store, "Puzan and Kalinin said. A Google spokesperson subsequently confirmed that the application has been removed and the developer account has been banned. Regardless of whether users download through Google Play or not, Google Play Protect is enabled by default and can automatically prevent this application from running, "Google said. In addition, Kaspersky also discovered that SparkKitty was being spread through some gambling apps, pornographic games, and malicious TikTok clones.