Fake TikTok app alert: SparkKitty and the silent data theft

  • SparkKitty malware detected in fake TikTok versions for iOS and Android.
  • The Trojan steals photos, passwords, and sensitive data, especially from crypto wallets.
  • Distribution is carried out through official stores, phishing websites, and links on social media.
  • Experts recommend taking extreme precautions when downloading apps, checking their permissions and origin.

In recent months, mobile security has been compromised by new malware that exploits TikTok's popularity to attack users around the world. Under the guise of the popular video app, cybercriminals distribute fake versions that in reality hide a Trojan called SparkKitty, capable of stealing personal information and photo files from the mobile device.

Researchers from Kaspersky Lab have identified that SparkKitty affects both iOS and Android devices and focuses especially on images stored in the gallery, as well as sensitive data on the phone. Although most of the detected cases correspond to countries in Southeast Asia and China, the threat also reaches European and Spanish users.

A Trojan that steals images, passwords, and crypto wallets

According to experts, SparkKitty's modus operandi stands out for its objective: the theft of photographs and recovery phrases from cryptocurrency wallets. This malware not only accesses the gallery after the user logs into the trojanized app, but can also identify screenshots and data related to digital wallets thanks to an integrated optical character recognition (OCR) system.

Potential victims of SparkKitty don't just see their private images compromised. Infected applications send all the stolen information to servers controlled by the attackers, who seek to obtain passwords, bank details and, above all, access keys to cryptocurrencies. This pattern reinforces the suspicion that the theft of digital assets is the attackers' main motivation.

Dissemination in official stores and alternative routes

The Trojan is not limited to unreliable or secondary channels. SparkKitty has been detected in apps uploaded to Google Play and the App Store, sometimes disguised under names linked to financial or gambling services, but also through “cloned” versions of TikTok that appear legitimate to the average user. In addition, there is a parallel distribution through fraudulent websites that impersonate official stores and through links shared on social networks like YouTube.

In the case of iOS, criminals have even created pages that simulate the App Store and employ legal installation methods outside the official store, for example, using developer tools or corporate certificates. On Android, the threat is multiplied, as users often download APK files from external websites without verifying their source, which facilitates the spread of malicious apps.

Trojanized apps: from gambling to cryptocurrencies

The variety of applications infected by SparkKitty is wide. There have been cases in messaging apps, cryptocurrency exchanges, gambling apps, and even fake versions of TikTok with built-in stores that only accept payments in cryptocurrencies. Examples such as the alleged SOEX tool have surpassed 10,000 downloads on Google Play, appearing to behave normally while collecting images and user data without raising suspicion.

In their research, Kaspersky analysts have found that the malicious code is written in fluent Chinese, at least in the Android versions, which suggests the involvement of groups from Europe and Asia. However, the authorship of these campaigns has not yet been definitively identified.

Recommendations and security measures

Faced with this scenario, experts urge users to take extreme precautions when installing new apps, especially if they require permission to access the photo gallery or request sensitive data. In addition to reviewing the source and ratings of apps, they recommend removing any suspicious applications and avoiding storing screenshots with important information on the phone.

Kaspersky has already informed both Apple and Google of the findings, hoping they will remove the fraudulent apps as soon as possible. The main advice is to always download from official sources, avoiding links or pages promoted by unverified channels.
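
One way to apply the permission and origin check on an Android device, as an added example that is not from the original article or from Kaspersky: the Python script below reads text in the layout of `adb shell dumpsys package` and flags apps that hold gallery-read permissions, rating those not installed by Google Play as higher risk. The sample dump and package names are constructed, and the line patterns are assumptions, since the dump layout can differ between Android versions.

```python
import re

# Android permissions that allow reading stored photos.
GALLERY_PERMS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_IMAGES",
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend as needed

# Constructed sample modelled on `adb shell dumpsys package` (hypothetical apps).
SAMPLE_DUMP = """\
Package [com.example.videoclone] (1a2b3c):
  installerPackageName=null
  runtime permissions:
    android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
    android.permission.CAMERA: granted=false
Package [com.example.coinexchange] (4d5e6f):
  installerPackageName=com.android.vending
  runtime permissions:
    android.permission.READ_EXTERNAL_STORAGE: granted=true
Package [com.example.notes] (7a8b9c):
  installerPackageName=com.android.vending
  runtime permissions:
    android.permission.CAMERA: granted=true
"""

HEADER = re.compile(r"^Package \[([^\]]+)\]")
INSTALLER = re.compile(r"^installerPackageName=(\S+)")
PERM = re.compile(r"^(android\.permission\.\w+): granted=(true|false)")

def audit(dump):
    """Return {package: (risk, granted gallery permissions)} for gallery-capable apps."""
    apps, current = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            current = apps.setdefault(m.group(1), {"installer": "null", "perms": set()})
        elif current is None:
            continue  # ignore anything before the first package header
        elif m := INSTALLER.match(line):
            current["installer"] = m.group(1)
        elif (m := PERM.match(line)) and m.group(2) == "true" and m.group(1) in GALLERY_PERMS:
            current["perms"].add(m.group(1))
    findings = {}
    for pkg, info in apps.items():
        if info["perms"]:
            # Store installs are still flagged for review: SparkKitty reached official stores too.
            risk = "review" if info["installer"] in TRUSTED_INSTALLERS else "high"
            findings[pkg] = (risk, sorted(info["perms"]))
    return findings
```

Calling `audit()` on a saved dump from a real device returns only the apps that can read the gallery, so the manual review of origin and ratings can start with those.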

The recent cases of fake TikTok and SparkKitty apps highlight the importance of maintaining vigilance when downloading anything. Although several platforms are taking action to remove this content, only prudence and responsible use can reduce the risk of personal data or digital asset theft.