A new mobile malware called SparkKitty is targeting both iPhones and Android phones, stealing users' private photos and screenshots.
The malware has been active since early 2024 and has infiltrated the Apple App Store and Google Play through seemingly innocent apps.
Apps like '币coin' on iOS and the SOEX messaging app on Android request photo-gallery permissions and silently upload images to hackers' servers.
SparkKitty Spyware differs from its predecessor by focusing on entire photo libraries and using optical character recognition to identify sensitive content.
Once permission is granted, the spyware operates silently by bypassing App Store rules on iOS and hiding within legitimate-looking apps on Android.
It uploads existing images and new ones in near real time, particularly targeting screenshots containing financial or identity-related text.
Experts recommend limiting screenshots of sensitive information and using physical backups instead, along with enabling Google Play Protect and antivirus software for Android users.
The spyware poses a significant threat to user privacy and data security.
Researchers advise caution when granting permissions to apps, especially those requesting access to sensitive data like photos.
Users are encouraged to stay vigilant and take necessary steps to protect their personal information from malicious actors.
Kaspersky discovered this spyware and provided recommendations for users to safeguard their devices against such threats.
The emergence of SparkKitty highlights the ongoing challenges of mobile security and the need for continuous vigilance.
It serves as a reminder for users to be cautious while downloading and using apps that request sensitive permissions.
Ensuring device security through software updates, antivirus programs, and safe browsing practices is crucial in combating such malicious threats.
The threat of mobile malware underscores the importance of cybersecurity awareness and proactive measures to prevent unauthorized access.
SparkKitty reinforces the importance of maintaining a secure digital environment and being mindful of potential security risks in the digital landscape.