SparkKitty spyware caught stealing photos on iPhone and Android — and the reason might surprise you
Anthony Spadafora
24 June 2025
Spyware used malicious apps to infiltrate Apple’s App Store and the Google Play Store
Whether you use an iPhone or an Android phone, chances are, there’s plenty of sensitive personal and financial information on your smartphone. While hackers have been known to go after your passwords, there’s a new malware strain making the rounds online that also has your photo library in its sights.
As reported by BleepingComputer, both the best iPhones and the best Android phones are currently being targeted in a new campaign that uses SparkKitty to steal all of the images on an infected device.
According to the cybersecurity firm Kaspersky, this campaign has been active since February of last year. However, what sets it apart is the fact that the malware in question found its way onto both Apple’s App Store and the Google Play Store.
If you thought the hackers behind this campaign were after your selfies, think again. Instead, they’re looking for screenshots of crypto wallet seed phrases. For those unfamiliar, these very important phrases are the only way you can regain access to a crypto wallet if you forget your password. With them in hand, though, hackers can easily drain all of your digital currency, and good luck trying to get it back.
Here’s everything you need to know about this new campaign along with some tips and tricks on how you can avoid having your Android phone or even your iPhone come down with a nasty malware infection.
Infiltrating official and unofficial app stores
Just like with many other malware campaigns, this one uses malicious apps to establish a foothold on targeted devices before infecting them with SparkKitty.
In its report on the matter, Kaspersky explains that the hackers behind this campaign used the SOEX messaging app, which also has cryptocurrency exchange features, to target Android users directly on the Google Play Store. Meanwhile, on iPhone, they used the 币coin app on Apple’s App Store to achieve the same thing.
While Google has already removed the SOEX app from the Play Store, at the time of writing, the 币coin app is still up on the App Store and has yet to be removed by Apple. Either way, if you downloaded either of these apps, you should manually delete them right now.
At the same time, Kaspersky also found modded TikTok clones with fake online cryptocurrency stores as well as gambling apps, adult-themed games and casino apps distributing the SparkKitty malware. However, instead of being available on an official app store, these apps had to be sideloaded.
SparkKitty is embedded as fake frameworks or delivered via enterprise provisioning profiles on iOS, whereas on Android, the malware is embedded in both Java and Kotlin apps. On an iPhone, the malware is automatically executed when an app starts, but on Android, it’s triggered when an app launches or when a specific action, like opening a certain screen type, takes place.
To gain access to a victim’s photo library on an iPhone, SparkKitty requests access to the photo gallery. On Android, the malicious app used to install the malware prompts the user to grant storage permissions so that it can access any images stored on their device. Either way, once installed, the malware begins exfiltrating both existing pictures and any new ones taken on an infected phone.
From there, the malware goes through all of these stolen images, specifically looking for screenshots of crypto wallet seed phrases. When you sign up for a new crypto wallet or exchange, you’re given a seed phrase and told to write it down and store it for safekeeping.
Although taking a screenshot seems like a fast and practical way to do this, this campaign and others like it show just how dangerous doing this can be. This is why old-fashioned paper and pen is the best way to store your seed phrases. However, you should also store them under lock and key to protect them further.
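Because the Android side of this campaign depends on the user granting storage or photo access, one practical check is to list which installed apps currently hold that access and whether they came from the Play Store. The script below is an added example, not code from Kaspersky or from this article; it parses text in the layout of `adb shell dumpsys package` output, and the sample dump and package names are constructed for illustration.

```python
import re

# Android permissions that let an app read the photo library.
PHOTO_PERMS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_IMAGES",
}
PLAY_STORE = "com.android.vending"  # installer name recorded for Play Store installs

# Constructed sample in the layout of `adb shell dumpsys package` output;
# the package names are made up for this example.
SAMPLE = """\
Packages:
  Package [com.example.notes] (1a2b3c):
    installerPackageName=com.android.vending
    User 0: installed=true
      runtime permissions:
        android.permission.CAMERA: granted=true
        android.permission.READ_MEDIA_IMAGES: granted=false
  Package [com.example.exchange] (4d5e6f):
    installerPackageName=com.android.vending
    User 0: installed=true
      runtime permissions:
        android.permission.READ_MEDIA_IMAGES: granted=true
  Package [com.example.videoclone] (7a8b9c):
    installerPackageName=null
    User 0: installed=true
      runtime permissions:
        android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ USER_SET ]
"""

def photo_access_report(dump):
    """Return {package: {"perms": [...], "from_play": bool}} for apps granted photo access."""
    apps, current = {}, None
    for line in dump.splitlines():
        if m := re.match(r"\s*Package \[([^\]]+)\]", line):
            current = apps[m.group(1)] = {"perms": [], "from_play": False}
        elif current is None:
            continue  # header lines before the first package block
        elif m := re.match(r"\s*installerPackageName=(\S+)", line):
            current["from_play"] = m.group(1) == PLAY_STORE
        elif m := re.match(r"\s*(android\.permission\.\w+): granted=true", line):
            if m.group(1) in PHOTO_PERMS and m.group(1) not in current["perms"]:
                current["perms"].append(m.group(1))
    return {pkg: info for pkg, info in apps.items() if info["perms"]}

if __name__ == "__main__":
    for pkg, info in photo_access_report(SAMPLE).items():
        origin = "Play Store" if info["from_play"] else "not installed by the Play Store"
        print(f"{pkg}: {', '.join(info['perms'])} ({origin})")
```

An app that shows up here and has no reason to read your photos is a candidate for having its permission revoked or being uninstalled; as the SOEX case shows, a Play Store origin alone does not clear an app.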
How to stay safe from malicious apps spreading malware
Although you can end up with a malware infection from clicking on malicious links, downloading email attachments from unknown senders and through piracy, one of the most common ways is via malicious apps either on official or unofficial app stores.
For this reason, you need to be extremely careful when putting any new app on your iPhone or Android phone. You want to make sure that you read an app’s reviews and check its rating but since these can be faked, you also want to look for external reviews on other sites. If you can find one, video reviews are an even better option since you get to see an app in action before installing it.
It’s also worth noting that even good apps can go bad when injected with malicious code, which is why I always recommend limiting the number of apps you have installed on your devices. With fewer apps installed, there’s less of a risk that you downloaded a malicious one or that a legitimate app has been hijacked by hackers.
Before downloading any new app, you first want to ask yourself if you really need it. It’s likely one of your existing apps or even your phone’s operating system is able to accomplish the same thing.
Additionally, you want to stick to trusted and well-known apps when possible, and most people should never sideload any app onto their phone. The reason is that the apps on Apple’s App Store and the Google Play Store go through rigorous security checks that both sideloaded apps and those from unofficial app stores don’t.
Bad apps do manage to slip through the cracks from time to time. However, if you aren’t carelessly downloading new ones, you’ll be far less likely to accidentally install a malicious app.
As for staying safe from mobile malware, if you have an Android phone, you want to make sure that Google Play Protect is enabled on your devices. This free and built-in security app scans all of your existing apps and any new ones you download for malware or other malicious activity to keep you safe. For extra protection though, you might also want to consider running one of the best Android antivirus apps alongside it.
While there’s no iPhone equivalent to these Android antivirus apps due to Apple’s own malware scanning restrictions, the best Mac antivirus software from Intego is able to scan your iPhone or iPad for malware, but the device has to be plugged into a Mac via USB cable to do so.
Malicious apps aren’t going anywhere anytime soon given how successful they’ve been for hackers in malware campaigns like the one described above. However, if you think before you tap and limit the number of apps on your phone overall, your chances of ending up with a malware infection after downloading a malicious app will be a lot lower.
Likewise, you also want to make sure that you talk to both your younger and older family members and friends about the risks posed by malicious apps in order to keep everyone you know safe from hackers.