[Reposting IN TOTO from lifehacker.com Emily Long, 06.24.2025 - New reason to never keep screenshots of private information on your phone] If you keep screenshots of login credentials or cryptocurrency seed phrases—or any sensitive content, really—in your phone's photo gallery, you should go through and remove them. A spyware campaign targeting images is spreading through apps found on the Apple App and Google Play stores as well as third-party sources. SparkKitty malware gains access to photo galleries on iOS and Android, allowing it to exfiltrate images or data contained within.
If SparkKitty infects your iOS device, it requests permission to access your photo gallery which, if granted, will allow the program to monitor for and exfiltrate new images. On Android, SparkKitty requests storage permissions to access images so that it can upload images along with device identifiers and metadata. It may also use Google ML Kit's optical character recognition (OCR) to specifically target images like screenshots that contain text. Kaspersky also discovered the malware in TikTok clones—distributed via unofficial platforms—that embed various fake apps.
SparkKitty may be an iteration of SparkCat, a photo-scanning malware that was first identified earlier this year but had likely been circulating for some time. While SparkCat specifically targeted crypto wallets using OCR to identify text keywords, SparkKitty appears to indiscriminately steal images from compromised galleries. Since some SparkKitty delivery vectors have been crypto-themed, Kaspersky researchers believe crypto theft is still the primary goal, though the possibility of other sensitive content being used maliciously—extortion, for example—remains. So, WHAT DO YOU NEED TO DO???
iOS and Android users can take steps both to minimize or protect the sensitive data stored on their devices and to limit the risk of falling victim to spyware like SparkKitty in the first place. First and foremost, DON'T keep photos or screenshots of your crypto seed phrase, login credentials, or sensitive content of any kind in your photo gallery. Doing so puts your accounts at risk if your device is compromised in any way, whether by malware or physical theft. Regular logins can be locked in a password manager behind several layers of security!!!
You should also EXERCISE CAUTION when downloading apps to your device, whether from the Google Play and Apple App stores or unofficial sources. Unfortunately, you can't trust everything you find even on vetted platforms. Look for red flags: Check the developer's history and scrutinize reviews, especially if there are a lot of glowing reviews relative to the number of downloads. Be wary of requests to access your photo gallery, especially if those permissions aren't related to the app's functionality. In fact, you should pay close attention to permissions requested any time you install a new app—don't just blindly allow them!@#$%?