🚨 Warning: Sneaky New Malware Drains Crypto Wallets on iPhones & Android Devices
Your smartphone just became a backdoor for crypto thieves. A newly discovered malware strain bypasses security protocols on both iOS and Android devices, draining wallets without triggering alarms.
How it works: The malicious code mimics legitimate apps while running invisible background processes. No dramatic ransom demands, no system crashes, just silent siphoning of Bitcoin, Ethereum, and other assets.
Security researchers found the malware actively exploits:
- Clipboard hijacking to redirect transactions
- Fake biometric authentication prompts
- API vulnerabilities in popular wallet apps
Ironically, the most 'secure' chains get hit hardest, because who needs cold storage when you've got reckless confidence in your $10,000 smartphone?
Defensive moves: Isolate trading activities to dedicated devices, revoke unnecessary wallet permissions, and for God's sake stop approving every 'urgent' signature request.
How SparkKitty Targets Crypto Wallet Apps
Popular security firm Kaspersky identified this new malware today after months of observation across different mobile operating systems.
In February, the firm discovered SparkCat, an earlier iteration of this malware. After that discovery, the malicious developers repackaged the trojan in new apps.
Our researchers uncovered #SparkKitty, a stealthy Trojan targeting both #iOS and #Android devices.
It captures images and device data from infected phones and transmits them to the attackers. The Trojan was embedded in apps related to #crypto, gambling, and even a trojanized… pic.twitter.com/2CjjSwcpeo
According to the company's full report, this piece of malware is specifically focused on targeting crypto users, especially in China and Southeast Asia.
Hackers embedded SparkKitty into crypto-related apps, like price trackers and messengers with crypto-buying functionality. One such compromised messenger, SOEX, was downloaded over 10,000 times before removal.
SparkKitty's operators also branched out to include casino apps, adult sites, and fake TikTok clones. Even if a user downloaded a contaminated app, the malware wouldn't automatically start looking for crypto.
Instead, the app would ostensibly function normally, asking for access to users' photos. It would continue appearing normal even after gaining this permission.
In other words, this malware would repeatedly scan image data for signs of a crypto seed phrase, double-checking the compromised device periodically.
Kaspersky's researchers have several reasons to believe that SparkKitty is an upgraded SparkCat. For example, they share several debug symbols, code construction, and even a few compromised vector apps.
However, SparkKitty is more ambitious than SparkCat. The earlier malware would focus on penetrating crypto security, while the upgraded version can compromise many types of sensitive data.
SlowMist TI Alert
A new malware named #SparkKitty that steals all photos from infected iOS & Android devices â searching for crypto wallet seed phrases.Delivered via:
"ĺ¸coin" (App Store)
"SOEX" (Google Play, 10K+ installs, now removed)
Casino apps, adult⌠pic.twitter.com/47WDc8l6tQ
Nonetheless, SparkKitty's main priority is still uncovering seed phrases.
Overall, the best precaution for users is never to store seed phrases digitally. Don't even take a photo of one.
There's no shortage of recent scams and malware that can compromise this password, thereby allowing attackers to steal all your crypto. It's important not to give sketchy apps access to your devices, but it's doubly vital to protect your seed phrase.