Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Spyware in App Stores Steals Your Photos

June 23, 2025
Reading Time: 2 mins read
in Alerts
Stealth Malware Targets Fortinet Firewalls

A newly uncovered spyware campaign called SparkKitty has infiltrated both Apple’s App Store and Google Play successfully. This sophisticated new campaign marks a significant escalation in mobile malware being distributed through strictly official channels. The Trojan spy represents the latest evolution in the cryptocurrency-focused attacks previously seen in other similar campaigns. It specifically targets both iOS and Android devices simultaneously, employing a variety of platform-specific infection techniques. This sustained and coordinated campaign has been active since at least February 2024, indicating a very serious effort.

The primary objective of the SparkKitty malware appears to be the theft of all photographs from infected devices.

Attackers are hoping to capture extremely sensitive data like cryptocurrency wallet seed phrases from the stolen image files. Unlike its predecessor, SparkKitty indiscriminately steals all accessible images from the device galleries of its many victims. The campaign has demonstrated considerable geographic focus, primarily targeting users in both Southeast Asia and also in China. This malware spreads through applications designed for these regions, like Chinese gambling games and TikTok modifications.

The technical sophistication of SparkKitty becomes very apparent when examining its complex implementation details on iOS. On iOS devices, the malicious payload is delivered through frameworks that mimic legitimate networking software libraries. It also utilizes obfuscated libraries cleverly disguised as necessary system components like the file libswiftDarwin.dylib. The malware leverages Objective-C’s automatic class loading mechanism through the use of the special load selector.

This function executes automatically when applications launch, providing an entry point for the malicious activity to begin.

The malware implements a multi-stage verification process before it will ever activate its primary malicious payload. It first checks a specific key in the application’s configuration file to prevent any accidental unintended execution. Following verification, SparkKitty retrieves and decrypts an encoded configuration containing command and control server addresses. The malware establishes communication with its C2 infrastructure to receive authorization codes that permit photo uploading. Once authorized, it systematically accesses the device’s gallery and uploads any new photographs to the server.

  • SparkKitty Spyware Hunts For Crypto Keys By Stealing Your Entire Photo Gallery
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityJune 2025
ADVERTISEMENT

Related Posts

Malicious npm Packages Deliver Protestware

Matanbuchus Malware Spread via Teams Voice

July 18, 2025
Malicious npm Packages Deliver Protestware

Hackers Host Amadey Malware via GitHub Repos

July 18, 2025
Malicious npm Packages Deliver Protestware

Malicious npm Packages Deliver Protestware

July 18, 2025
Malicious Telegram APK Campaign Uncovered

Malicious Telegram APK Campaign Uncovered

July 17, 2025
SonicWall Zero-Day RCE Exploited

Stealthy JavaScript Attacks via SVG Files

July 17, 2025
SonicWall Zero-Day RCE Exploited

SonicWall Zero-Day RCE Exploited

July 17, 2025

Latest Alerts

Matanbuchus Malware Spread via Teams Voice

Hackers Host Amadey Malware via GitHub Repos

Malicious npm Packages Deliver Protestware

Malicious Telegram APK Campaign Uncovered

Stealthy JavaScript Attacks via SVG Files

SonicWall Zero-Day RCE Exploited

Subscribe to our newsletter

    Latest Incidents

    Stormous Hits North Country Health

    BigONE Crypto Exchange $27M Hit

    Co-op Data Stolen of 6.5M Members

    Cyberattack Strikes Air Serbia

    Customer Data Breach at Seychelles Bank

    Ukrainian Hack Hits Russian Drone Firm

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial