Watch Out: ‘SparkKitty’ Malware Hiding in Apps to Steal Your Photos (Even on iPhone!)

Security experts have uncovered a sneaky new type of malicious software, dubbed SparkKitty, that can steal your entire photo collection. What makes it particularly concerning? This threat was found lurking within apps downloaded from official sources like the Google Play Store and Apple’s App Store, not just shady corners of the internet.

This discovery highlights a growing risk: even trusted app marketplaces aren’t always 100% safe. SparkKitty is designed specifically to grab your personal images, turning your photo gallery into a potential goldmine for cybercriminals.

What is SparkKitty and How Does It Work?

SparkKitty is classified as a “trojan” malware. Think of a trojan horse – it’s malicious software disguised as something harmless or even desirable. In this case, SparkKitty hides inside seemingly legitimate mobile apps.

It’s also “cross-platform,” meaning it can infect devices running both Android and iOS operating systems, including iPhones and iPads.

Once installed on your device, the malware typically prompts you to grant it access to your photo gallery. This looks like an ordinary app permission request. If you grant access, however, SparkKitty uses it to systematically upload every photo and video in your gallery to a server controlled by the attackers. These servers act as command centers: they receive the stolen data and let the criminals issue instructions to the infected devices remotely.

Where Was This Sneaky Malware Found?

Researchers at cybersecurity firm Kaspersky found SparkKitty embedded in several places:

  • Official App Stores: Shockingly, it appeared in apps available on both Google Play and the Apple App Store. On Google Play, it was found in an app called SOEX, which offered messaging and crypto exchange features. This app had been downloaded over 10,000 times before its discovery. Kaspersky notified Google, which has since removed the app. On the Apple App Store, it was found hidden inside a Bitcoin tracking app.
  • Unofficial Sources: The malware also spread through fake app installers found outside official stores, often disguised as popular apps like TikTok clones, gambling games, adult games, and crypto-related tools.

It’s not entirely clear how SparkKitty ended up in official app stores. It’s possible that the developers of the infected apps were themselves unaware that their software supply chain had been compromised. However, the possibility that developers deliberately included the malware is also a concern.

[Image: Screenshot of the SOEX app listing on Google Play]

SparkKitty isn’t the first of its kind. It’s believed to be related to an earlier threat called SparkCat, which was first seen targeting users in Asia in early 2024. Researchers suggest that the campaign behind SparkKitty has expanded its reach globally.

Protecting Your Phone from Photo-Stealing Malware

The old advice to only download apps from official stores is still important, but SparkKitty shows it’s not foolproof. Here’s what you can do to stay safer:

  • Be Mindful of Permissions: This is crucial. When an app asks for permission, especially for something sensitive like access to your entire photo library, ask yourself if the app really needs it to function. A simple flashlight app doesn’t need access to your photos. Grant access only to specific items if the app allows, rather than granting full access by default.
  • Avoid Storing Sensitive Info in Photos: It’s tempting to snap pictures of documents, passwords written down, or crypto wallet seed phrases. Don’t. Your photo gallery is a target not only for malware like SparkKitty, but also for anyone who finds your lost phone or otherwise gains access to it. Use a secure password manager or a dedicated secure note app instead.
  • Research Apps Before Downloading: Even in official stores, take a moment to check reviews (though be aware some can be faked) and research the app developer. A quick search for the app name or developer online might reveal red flags.
  • Be Suspicious of “Free” Paid Apps: If an app that normally costs money is offered for free through unofficial channels, it’s a huge warning sign. As experts note, you might be “paying” with your privacy and data instead of cash.
  • What If You Suspect Infection? If you think you might have downloaded a suspicious app, delete it immediately. Then, quickly review your photo gallery to see what sensitive information it may have exposed. Change any passwords, and block any payment cards, whose details were stored in image form.

The threat landscape is constantly evolving, and malware like SparkKitty reminds us that we need to stay vigilant. Even when using official app stores, paying attention to the apps we download and the permissions we grant is key to protecting our personal data.