Beware the ’SparkKitty’ Trojan: How This Stealthy Threat Is Draining Crypto Wallets From Your Phone
Your smartphone just became a hacker's golden goose. A new Trojan dubbed 'SparkKitty' is slipping past defenses to hijack crypto wallets—and it's spreading fast.
How does it work? The malware disguises itself as legitimate apps, then lurks until you input wallet credentials. Once it strikes, your digital assets vanish faster than a Bitcoin bull run during an FUD storm.
Security researchers report the Trojan uses sophisticated keylogging and screen overlay attacks. It bypasses 2FA like a Wall Street banker dodging accountability—silently capturing every PIN, seed phrase, and password.
Android users are prime targets, but no platform is completely safe. The attack vector? Mostly sideloaded apps and phishing links promising 'free crypto'—because greed still outpaces common sense in this market.
Protect yourself: Stick to official app stores, enable biometric locks, and never—ever—type seed phrases on mobile devices. Remember: In crypto, your security is only as strong as your weakest link. And right now, SparkKitty is exploiting every one it finds.
Infected devices
Malware like SparkKitty enables such thefts as attackers can use data from infected devices to search for wallet credentials. Seed phrases are highly valuable because they allow full access to a user's crypto wallet.
SparkKitty is believed to be linked to the SparkCat spyware campaign first uncovered in January 2025, which similarly used malicious SDKs to gain access to photos on user devices.
While SparkCat focused its spyware on images with seed phrases using Optical Character Recognition (OCR technology, SparkKitty indiscriminately uploads photos, presumably to be processed later.
Its presence has been confirmed in both Android and iOS apps on their respective app stores, including disguised as crypto-themed tools and TikTok mods.
SparkKitty joins a host of other crypto-targeting malware and trojans that have gained popularity among hackers over the last few years.
Among them, the information stealer Noodlophile has been found embedded in AI tools available for download online, taking advantage of current interest around the technology.
Hackers build convincing-looking AI sites and then advertise them via social media to attract unsuspecting victims.
An international law enforcement effort in May targeted key infrastructure related to the distribution of another strain of malware, LummaC2, which has been linked to over 1.7 million theft attempts.
LummaC2 aimed to steal information related to login credentials, including for crypto wallets.
Edited by Sebastian Sinclair
