
It is generally not a good idea to keep screenshots of sensitive information on your phone, and you should probably remove them, especially if they relate to your crypto wallet.
A new spyware Trojan known as SparkKitty targets information from screenshots stored in your gallery. It is likely associated with SparkCat, the infamous data stealer that emerged earlier this year, and it focuses on sensitive data such as seed phrases for crypto wallets. The new Trojan was first reported on Securelist by Kaspersky.
According to Kaspersky, the malware targets iOS and Android devices. While the malware spread through apps on the App Store and Google Play Store (and has been removed from both), it is also spreading in the wild.
What is SparkKitty?
Here is how the malware works. Kaspersky stated that it identified one version of the Trojan that copies all images in your gallery and another that uses optical character recognition (OCR) specifically to find images related to financial information.
If you own cryptocurrency, you were probably encouraged to write down a seed phrase when you created your wallet and to store it in a safe, offline location. This phrase is needed to restore a wallet and its contents on a device other than the original, which makes it an attractive target for thieves. Although it is best to write the phrase down, many people take a screenshot to remember it later.
The malware comes from legitimate-looking downloads, including messaging apps, crypto trading apps, modded TikTok clones, fake online cryptocurrency stores, gambling apps, adult-themed games and casino apps.
If you accidentally install the malicious software, it searches your gallery and sends your data to nefarious parties who can empty your wallet or target your other accounts.
How to stay safe from SparkKitty
If you want to protect yourself from this (or any other) malware, then there are some steps you can take:
- Go to your phone's settings and check the permissions of each app. Unless the app needs it, revoke access to the camera, photos, storage and accessibility features (for example, a wallpaper app does not require access to your files).
- Only install apps from official app stores like Google Play and the App Store (but still, be aware that malware can slip through, as SparkKitty did).
- Do not save screenshots of sensitive information, such as IDs, passports, crypto wallets, seed phrases, passwords and two-factor authentication backup codes. Either remove this data or transfer the screenshots to a password-protected folder.