SparkKitty, a malware suspected to be SparkCat’s little brother.

[_act_]

I think we discussed about SparkCat’s in January of this year, a malware that steals images from people's device. Another malware which is suspected to have something to do with SparkCat’s has been discovered. It is called SparkKitty malware that also steals images from people, specifically targeting people's seed phrase. For those that take screenshots of your seed phrase or other sensitive information, this is a lesson for you people.

The more surprising thing is that the malware can take someone to a fake Playstore or App store to download the fake app, but also that it is said that there are malicious apps on the Playstore store that people's devices can get the malware from.

People from Southeast Asia and China are primarily targeted according to Kaspersky.

You can use this link to read further about the malware https://securelist.com/sparkkitty-ios-android-malware/116793/

[CryptoYar]

Discovery of this SparkKitty malware linked to SparkCat is serious concern because it specifically hunts for screenshots of your crypto seed phrases and other private information on your device. This means we should never take screenshots or photos of sensitive data like seed phrases instead of this write them down physically and keep them safe offline. Even more alarming this malware can trick into downloading fake apps from what look like official app stores and some harmful apps have even slipped into real App Store and Play Store.

So even when downloading from official sources we must be very careful. We should always check app permissions and read reviews. While it is primarily targeting Southeast Asia and China everyone should stay protected by avoiding screenshots of sensitive info being extra careful with app downloads and and staying informed about new threats.

[I_Anime]

Discovery of this SparkKitty malware linked to SparkCat is serious concern because it specifically hunts for screenshots of your crypto seed phrases and other private information on your device. This means we should never take screenshots or photos of sensitive data like seed phrases instead of this write them down physically and keep them safe offline. Even more alarming this malware can trick into downloading fake apps from what look like official app stores and some harmful apps have even slipped into real App Store and Play Store.

So even when downloading from official sources we must be very careful. We should always check app permissions and read reviews. While it is primarily targeting Southeast Asia and China everyone should stay protected by avoiding screenshots of sensitive info being extra careful with app downloads and and staying informed about new threats.

Is indeed serious even the part of it being able to slip into official app and play store , not just that being able to download harmful apps in your device . That’s why is wise not to screenshot valuable information in your device like for instance your seed phrases some users are fond of that especially those that don’t really understand how important their seed phrases are , I don’t know if is laziness or ignorance is still not encouraging to screenshot or store your seed phrases online better still write on a physical copy and keep safe from external attacks like water and fire .

For one to protect he or her information from such attack is advisable to :

•Avoid saving seed phrases as screenshots , save them offline by writing them down physically (e.g papers)
• Limit app permissions, like don’t grant gallery or photo access unless when necessary.
• Always Double check app ratings , and install count before downloading. You can even go further by checking the developer names
• Scan your device regularly with reputable AV tools (e.g Avast and others )
• And you can also delete old screenshots containing sensitive information (after creating physical copies). Is always better to play it safe .

[Odohu]

I think we discussed about SparkCat’s in January of this year, a malware that steals images from people's device. Another malware which is suspected to have something to do with SparkCat’s has been discovered. It is called SparkKitty malware that also steals images from people, specifically targeting people's seed phrase. For those that take screenshots of your seed phrase or other sensitive information, this is a lesson for you people.

The more surprising thing is that the malware can take someone to a fake Playstore or App store to download the fake app, but also that it is said that there are malicious apps on the Playstore store that people's devices can get the malware from.

People from Southeast Asia and China are primarily targeted according to Kaspersky.

You can use this link to read further about the malware https://securelist.com/sparkkitty-ios-android-malware/116793/

I was thinking it was SuperKitty, that funny cartoon from Disney Jr. Maybe that was what inspired the name of this malware, something that will sound innocent but absolutely dangerous. Each time I install a new application in my phone, I usually feel so scared even though I download from trusted source. Although I do not keep my wallet data in my phone but I know what a wrong application can do to other personal data that one cannot help but store in on the phone and should not enter into unauthorized hands. Some of these apps forces us to grant so much permission before they can be used which is one big challenge too.

[sokani]

• Always Double check app ratings , and install count before downloading. You can even go further by checking the developer names

I don't think this is effective because the developers can pay people as well to give fake ratings and reviews about the apps. Unsuspecting users might read and fall for it.

From what I've seen so far, some of the most common ways scammers use to spread these malwares are through modded apps, clones, and unknown websites. Hence, to avoid infecting your device, you need to download only from verified sources, verify the signatures, and also stay clear of modded apps.

[Felicity_Tide]

I made at attempt to go through the article, but it seems enabling the site cookie is mandatory and not avoidable. While reading through the OP, I was trying to recall reading something about the SparkCat, but it seems January has been a longer time than I thought.

I have always expected a type of malware specifically to target seed phrase screenshots to be introduced sooner. Though, good and secure mobile wallet applications don't permit and allow users to take screenshots of their seed phrase, but some users can go as far as using other phones to capture it all at once. We as users have to understand that the evolution of internet does not guarantee our own security. It makes lives better, but we are still very much at risks.

@OP, are there ways of identifying this type of malware, aside avoiding unnecessary downloads or using fake play stores?.

[Die_empty]

Thanks for sharing OP. Scammers are always seeking new ways to steal from people. This is another wake-up call for us to be careful. Not every app we see on the Play Store and others is safe. Those who keep images of seed phrases online are just too lazy to keep them in a safe place offline. It is also advisable to download apps from the verified website of the developer rather than going elsewhere. Even those who are not within Southeast Asia and China should be careful because this malware might have spread to other territories.

[albon]

@OP, are there ways of identifying this type of malware, aside avoiding unnecessary downloads or using fake play stores?.

I expect that installing a good antivirus program can detect this type of advanced malware. There’s also a feature I once found in an antivirus app that automatically removes permissions from idle apps after a certain period and that’s truly a useful feature.

Also, if you download applications from Google Play, you should look at the app’s reviews , the number of downloads, and the permissions that these applications can access.

You should be careful of obscure or poorly rated apps related to cryptocurrencies, and these apps should be regularly updated.. One major mistake many people make is saving their seed phrases as screenshots or sending them through chat apps . These phrases should be stored offline only.

[Charles-Tim]

• Always Double check app ratings , and install count before downloading. You can even go further by checking the developer names

I don't think this is effective because the developers can pay people as well to give fake ratings and reviews about the apps. Unsuspecting users might read and fall for it.

It is very effective if it is the original application store and not fake one. If people that downloaded an app is up to 500 thousand or more than a million, it shows that it is from the legit site. But according to the OP, the victim can be taken to a fake application store. So fake installation counts will be there.

From what I've seen so far, some of the most common ways scammers use to spread these malwares are through modded apps, clones, and unknown websites. Hence, to avoid infecting your device, you need to download only from verified sources, verify the signatures, and also stay clear of modded apps.

You are also very right.

[Alphakilo]

I think we discussed about SparkCat’s in January of this year, a malware that steals images from people's device. Another malware which is suspected to have something to do with SparkCat’s has been discovered. It is called SparkKitty malware that also steals images from people, specifically targeting people's seed phrase. For those that take screenshots of your seed phrase or other sensitive information, this is a lesson for you people.

I find these names of malwares to be very creative. What were they thinking when they name it "SparkCat" and "SparkKitty"? Very crazy. But on a serious note, these are very important stuff and people should update their knowledge always of these malwares.

The more surprising thing is that the malware can take someone to a fake Playstore or App store to download the fake app, but also that it is said that there are malicious apps on the Playstore store that people's devices can get the malware from.

Very disappointed to know that play store and App store don't do their due diligence enough. That's why some how these malware apps are finding themselves in these places. There should be a place to call them out and report this issues.

People from Southeast Asia and China are primarily targeted according to Kaspersky.

It is going to be replicated to other countries. I don't think it can be contained.

[The Cryptovator]

I read this news this morning from Cointelegraph. I was about to create a thread to warn the community regarding this malware and then found this thread. However, thanks for the warning, our community. I hope Bitcointalk members are safe. That's the reason why we shouldn't take screenshots of our seed phrase or private keys. Otherwise, we may lose our valuable assets. Either we use a hardware wallet or a software wallet; there's no way to take screenshots or save the seed phrase in any online storage.

This is a lesson to our community onhow we should secure our wallet from hackers. We should keep in mind when installing an app from anywhere, whether it's trusted or not. When giving permission to the apps, you always need to be careful what access you are asking from the apps. Always better to use a hardware wallet and don't take a picture of the seed phrase. Secure your seed phrase physically in multiple places.

[promise444c5]

Very disappointed to know that play store and App store don't do their due diligence enough. That's why some how these malware apps are finding themselves in these places. There should be a place to call them out and report this issues.

Although not that they aren’t competent enough but yeah the system can’t be perfect , these apps normally go through security checks but some that slips through would have found a tricky way to hide these malwares to prevent detection, it’s  not just a single way, they will have multiple ways of tricking the system and once one is exposed and taken down, they move to the other.. This is the main reason why there’re open source code (for the public) but due to some reason some apps might be exploited faster because of vulnerabilities in their codes s they o stay hidden.
Besides, you can check https://support.google.com/googleplay/answer/2853570 to see about how to go about reporting , I don’t know much about iOS but both do have support that can be contacted to report them.

[Davidvictorson]

This is a lesson to our community onhow we should secure our wallet from hackers. We should keep in mind when installing an app from anywhere, whether it's trusted or not. When giving permission to the apps, you always need to be careful what access you are asking from the apps. Always better to use a hardware wallet and don't take a picture of the seed phrase. Secure your seed phrase physically in multiple places.

There is always one new way to steal a person's data and it is almost as if, when one of them is exposed there is a thousand more ways. And one of the things that scares me the most when installing an app is this clause that says "allow access to photos messages, handset details, mic access, location access, call log access, etc." How do we prevent apps from collecting our personal data with this pretext ?  

[ruykeri]

Are there any other ways Bitcoin can be hacked? Maybe some completely new methods that beginners like us don’t really know about it. I do have a basic idea of how Bitcoin can be hacked in general but I dont know much about the more advanced or hidden techniques. if i know the idea of hacking then i can protect my bitcoin too..
the thing discussed in the topic that  I just learned about it today. are there any other methods like this that could be used to hack Bitcoin? 

[BIT-BENDER]

Thanks for sharing OP. Scammers are always seeking new ways to steal from people. This is another wake-up call for us to be careful. Not every app we see on the Play Store and others is safe. Those who keep images of seed phrases online are just too lazy to keep them in a safe place offline. It is also advisable to download apps from the verified website of the developer rather than going elsewhere. Even those who are not within Southeast Asia and China should be careful because this malware might have spread to other territories.

There is a crypto-currency friend I have that stores his seed phrase saved on his Gmail draft, I have warned him severally but he feels nothing can happen and for years now nothing has really happened to the wallet.
It is important for everyone in the Crypto-currency space to not take chances, always be prepare for the worse that's how you will be able to protect yourself.

[Forsyth Jones]

There is a crypto-currency friend I have that stores his seed phrase saved on his Gmail draft, I have warned him severally but he feels nothing can happen and for years now nothing has really happened to the wallet.
It is important for everyone in the Crypto-currency space to not take chances, always be prepare for the worse that's how you will be able to protect yourself.

Unfortunately, these people learn a hard lesson after having all their funds stolen. Banking and crypto Trojans are spreading in a frightening way. Unfortunately, since we never know if our devices are infected, the best way is to protect our funds with hardware wallets.

Unfortunately, I see that many people who have hardware wallets are taking screenshots of the master seed or keeping it in email drafts.

This SparkKitty malware is scary and lethal, as it seeks to extract wallet seeds through users' screenshots. It's necessary to take security measures such as perhaps resetting the device to factory defaults, stopping downloading or installing suspicious software, and even then, avoiding storing most of your coins on online computers. If the user isn't willing to give up their convenience by sending most of their coins to a cold storage device, it's better to buy a Trezor, Bitbox, passport, etc.

[Rustam Meraj]

Unfortunately, these people learn a hard lesson after having all their funds stolen. Banking and crypto Trojans are spreading in a frightening way. Unfortunately, since we never know if our devices are infected, the best way is to protect our funds with hardware wallets.

Unfortunately, I see that many people who have hardware wallets are taking screenshots of the master seed or keeping it in email drafts.

This SparkKitty malware is scary and lethal, as it seeks to extract wallet seeds through users' screenshots. It's necessary to take security measures such as perhaps resetting the device to factory defaults, stopping downloading or installing suspicious software, and even then, avoiding storing most of your coins on online computers. If the user isn't willing to give up their convenience by sending most of their coins to a cold storage device, it's better to buy a Trezor, Bitbox, passport, etc.

It is really worrying how many people lose their crypto funds to this tricky malware like SparkKitty because they do not know risks. These dangerous programs like banking and crypto Trojans mostly sneak onto devices without users knowing making hardware wallets essential for keeping funds safe. However even with hardware wallet we are not safe if we screenshot our seed which completely defeats purpose of offline protection. SparkKitty is especially dangerous because it targets these screenshots so it is important to be extremely careful.  And that is right if we are not ready to move most of our crypto to cold storage then buying trusted hardware wallet is smart move to protect from big financial losses.

[Patikno]

@OP, are there ways of identifying this type of malware, aside avoiding unnecessary downloads or using fake play stores?.

I expect that installing a good antivirus program can detect this type of advanced malware. There’s also a feature I once found in an antivirus app that automatically removes permissions from idle apps after a certain period and that’s truly a useful feature.

What you said is true, usually a reliable antivirus scans for suspicious things or activities, so that it automatically takes preventive measures against it, and maybe what you mean is one of the antivirus applications that has a robot logo, right? Because I have used it, and it is really very reliable in doing prevention and security.

Other than that, I think it should be for anyone to install a reliable antivirus, so that they can avoid losses caused by attacks, and don't forget to always update when it is available, this must also be considered especially for a beginner, because I often find people who don't really care about antivirus.

[Coin_info]

The more surprising thing is that the malware can take someone to a fake Playstore or App store to download the fake app, but also that it is said that there are malicious apps on the Playstore store that people's devices can get the malware from.

People without proper information or this level of information may believe that this level of sophistication does not exist and because of their belief they may keep them self vulnerable being careless online with their activities because their idea of cyber criminals is that they still make use of the old archaic methods that they know. Those are the exact kinds of people that first become victims because of their deficit in information.

Thank you for this, this emphasizes the need for more caution online.

[Forsyth Jones]

What you said is true, usually a reliable antivirus scans for suspicious things or activities, so that it automatically takes preventive measures against it, and maybe what you mean is one of the antivirus applications that has a robot logo, right? Because I have used it, and it is really very reliable in doing prevention and security.

Other than that, I think it should be for anyone to install a reliable antivirus, so that they can avoid losses caused by attacks, and don't forget to always update when it is available, this must also be considered especially for a beginner, because I often find people who don't really care about antivirus.

I've been using iOS for years (and recently I've also switched back to Android). I've never installed any antivirus and never had my funds stolen from hot wallets installed on my phone. This means that if you maintain good security practices, such as only installing apps that need it, not installing suspicious apps and checking the permissions granted, the chances of you getting malware are drastically reduced.

But even so, we can't be careless with thieves. Nowadays, it's very easy to use hardware wallets that connect to the mobile device, such as the Trezor via USB or air-gapped hardware wallets where we can sign transactions by scanning QR Codes.

It's scary to hear about malware that exfiltrates recovery phrases (seed phrases) from these images. That was my biggest fear and they really do exist. We should be very careful.