Whether you use an iPhone or an Android phone, chances are, there’s plenty of sensitive personal and financial information on your smartphone. While hackers have been known to go after your passwords, there’s a new malware strain making the rounds online that also has your photo library in its sights.
As reported by BleepingComputer, both the best iPhones and the best Android phones are currently being targeted in a new campaign that uses SparkKitty to steal all of the images of an infected device.
According to the cybersecurity firm Kaspersky, this campaign has been active since February of last year. However, what sets it apart is the fact that the malware in question found its way onto both Apple’s App Store and the Google Play Store.
If you thought the hackers behind this campaign were after your selfies, think again. Instead, they’re looking for screenshots of crypto wallet seed phrases. For those unfamiliar, these very important phrases are the only way you can regain access to a crypto wallet if you forget your password. With them in hand though, hackers can easily drain all of your digital currency and good luck trying to get it back.
Here’s everything you need to know about this new campaign along with some tips and tricks on how you can avoid having your Android phone or even your iPhone come down with a nasty malware infection.
Infiltrating official and unofficial app stores
Just like with many other malware campaigns, this one uses malicious apps to establish a foothold on targeted devices before infecting them with SparkKitty.
In its report on the matter, Kaspersky explains that the hackers behind this campaign used the SOEX messaging app which also has cryptocurrency exchange features to target Android users directly on the Google Play Store. Meanwhile, on iPhone, they used the 币coin app on Apple’s App Store to achieve the same thing.
While Google has already removed the SOEX app from the Play Store, at the time of writing, the 币coin app is still up on the App Store and has yet to be removed by Apple. Either way, if you downloaded either of these apps, you should manually delete them right now.
At the same time, Kaspersky also found modded TikTok clones with fake online cryptocurrency stores as well as gambling apps, adult-themed games and casino apps distributing the SparkKitty malware. However, instead of being available on an official app store, these apps had to be sideloaded.
SparkKitty is embedded as fake frameworks or delivered via enterprise provisioning profiles on iOS whereas on Android, the malware is embedded in both Java and Kotlin apps. On an iPhone, the malware is automatically executed when an app starts but on Android, it’s triggered when an app launches or when a specific action like opening a certain screen type takes place.
To gain access to a victim’s photo library, SparkKitty requests access to an iPhone’s photo gallery but on Android, the malicious app used to install the malware prompts the user to grant storage permissions so that it can access any images stored on their device. Either way, once installed, the malware begins exfiltrating both existing pictures and any new ones taken on an infected phone.
From there, the malware goes through all of these stolen images, specifically looking for screenshots of crypto wallet seed phrases. When you sign up for a new crypto wallet or exchange, you’re given a seed phrase and told to write it down to store it for safekeeping.
Although taking a screenshot seems like a fast and practical way to do this, this campaign and others like it show just how dangerous doing this can be. This is why old-fashioned paper and pen is the best way to store your seed phrases. However, you should also store them under lock and key to protect them further.
How to stay safe from malicious apps spreading malware
Although you can end up with a malware infection from clicking on malicious links, downloading email attachments from unknown senders and through piracy, one of the most common ways is via malicious apps either on official or unofficial app stores.
For this reason, you need to be extremely careful when putting any new app on your iPhone or Android phone. You want to make sure that you read an app’s reviews and check its rating but since these can be faked, you also want to look for external reviews on other sites. If you can find one, video reviews are an even better option since you get to see an app in action before installing it.
It’s also worth noting that even good apps can go bad when injected with malicious code which is why I always recommend limiting the number of apps you have installed on your devices. With fewer apps installed, there’s less of a risk that you downloaded a malicious one or that a legitimate app has been hijacked by hackers.
Before downloading any new app, you first want to ask yourself if you really need it. It’s likely one of your existing apps or even your phone’s operating system is able to accomplish the same thing.
I always recommend limiting the number of apps you have installed on your devices. With fewer apps installed, there’s less of a risk that you downloaded a malicious one.
Additionally, you also want to stick to trusted and well-known apps when possible and for most people, you should never sideload any app onto your phone. The reason being is that the apps on Apple’s App Store and the Google Play Store go through rigorous security checks that both sideloaded apps and those from unofficial app stores don’t.
Bad apps do manage to slip through the cracks from time to time. However, if you aren’t carelessly downloading new ones, you’ll be far less likely to accidentally install a malicious app.
As for staying safe from mobile malware, if you have an Android phone, you want to make sure that Google Play Protect is enabled on your devices. This free and built-in security app scans all of your existing apps and any new ones you download for malware or other malicious activity to keep you safe. For extra protection though, you might also want to consider running one of the best Android antivirus apps alongside it.
While there’s no equivalent to these Android antivirus apps due to Apple’s own malware scanning restrictions, the best Mac antivirus software from Intego is able to scan both your iPhone or iPad for malware but they have to be plugged into a Mac via USB cable to do so.
Malicious apps aren’t going anywhere anytime soon given how successful they’ve been for hackers in malware campaigns like the one described above. However, if you think before you tap and limit the number of apps on your phone overall, your chances of ending up with a malware infection after downloading a malicious app will be a lot lower.
Likewise, you also want to make sure that you talk to both your younger and older family members and friends about the risks posed by malicious apps in order to keep everyone you know safe from hackers.
