SparkKitty Trojan Targets Crypto Wallets via Mobile Apps

The ‘SparkKitty’ Trojan, identified by Kaspersky, is mobile malware that steals images from infected devices, most likely to harvest photographed cryptocurrency wallet seed phrases. It was distributed both through official app stores and via third-party sites, embedded in crypto trading apps and modified TikTok clients. Once installed, it requests photo gallery access, watches the gallery for changes, and uploads images to a remote server. It has primarily hit users in China and Southeast Asia but could spread globally. Kaspersky links it to the earlier SparkCat spyware campaign; unlike SparkCat, which ran OCR on the device to pick out images containing seed phrases, SparkKitty uploads photos indiscriminately and leaves the filtering to the attackers. The campaign fits a broader rise in crypto theft: TRM Labs put 2024 losses at $2.2 billion, with roughly 70% of that traced to compromised private keys and seed phrases. Other strains such as Noodlophile and LummaC2, which lure victims with fake AI tools, go after the same assets.


Global Crypto Adoption: Pros, Cons & Risks

Cryptocurrencies offer significant advantages, including low-cost global transfers, censorship resistance, and decentralized finance (DeFi) opportunities. However, challenges such as lack of education, unclear regulations, and technological risks like hacking and volatility remain barriers to wider adoption. Despite these hurdles, cryptocurrencies continue to innovate, shaping the future of money with their permissionless and transparent ecosystem. The article emphasizes the need for better education and global regulations to mitigate risks and drive mainstream adoption.


Android Cyberattacks Surge: 12M Devices Targeted in 3 Months

Kaspersky’s latest mobile threat report highlights a sharp increase in attacks on Android devices: 12,184,351 incidents were recorded in the first quarter of 2025, up from 8.7 million in the final quarter of 2024. The main threats were the Mamont banking trojan, fake money-making scam apps, and counterfeit smartphones sold with the Triada malware preloaded in their firmware. Trojans accounted for nearly 40% of detected threats. Kaspersky also detected 180,405 malicious installation packages in Q1 2025, underscoring the need for stronger mobile security measures.


Interpol’s Operation Secure Cracks Down on Infostealer Malware

Interpol’s Operation Secure, a global crackdown on infostealer malware, resulted in 32 arrests and the takedown of over 20,000 suspicious IPs and domains. Law enforcement from 26 countries collaborated to dismantle the malicious infrastructure, seizing 100GB of data from 41 servers. Infostealers are used to steal browser credentials, passwords, and cryptocurrency wallet data, which is often traded on the cybercriminal underground. Authorities alerted over 216,000 potential victims to take protective measures. Cybersecurity experts warn that infostealer networks are resilient and emphasize the need for proactive, multi-layered defenses to protect against evolving threats.


Hackers Mine Crypto via Russian Devices: Kaspersky

Kaspersky reports that the group tracked as Librarian Ghouls, also known as Rare Werewolf, has infected hundreds of devices in Russia and is using them to mine cryptocurrency. The group delivers its tooling through phishing emails disguised as official documents or payment orders; once running, the tooling disables Windows Defender and similar protections. The attackers then establish remote access to the compromised machines and put them to work mining. The reliance on legitimate third-party utilities rather than bespoke malware matches the tradecraft Kaspersky sees from hacktivist groups.


Swiss Intel Leak to Kremlin via Kaspersky Sparks Outrage

A Swiss state broadcaster, SRF, disclosed that a Swiss intelligence employee allegedly shared highly sensitive information with Kaspersky, a Russian cybersecurity firm, which then reportedly forwarded it to Russian intelligence agencies. The broadcaster failed to mention its own use of Kaspersky’s antivirus software, raising concerns about conflicts of interest and security risks. The incident has caused significant uproar, highlighting vulnerabilities in intelligence sharing and the potential risks of using foreign cybersecurity tools in sensitive government operations.


Crypto Drainers Evolve into SaaS Model, Fueling Theft

Crypto drainers have evolved into an accessible, professionalized SaaS industry, enabling even low-skill actors to steal cryptocurrency. AMLBot’s April 22 report reveals that drainer-as-a-service (DaaS) operations now allow cybercriminals to rent malware for as little as $100-$300 in USDT. These groups operate boldly, even setting up booths at industry conferences, particularly in jurisdictions like Russia where cybercrime enforcement is lax. Scam Sniffer reported $494 million in losses from drainers in 2024, a 67% increase from the previous year. Recruitment for drainer developers happens openly, with job ads appearing in Telegram groups and niche forums. Despite Telegram’s past privacy policies, the platform’s recent data-sharing changes have pushed some cybercriminals back to Tor-based networks.


Malware Targets Crypto Wallets via Fake Office Add-Ins

Kaspersky has uncovered a malware campaign that diverts cryptocurrency payments by altering the wallet addresses victims copy to the clipboard. The payload, the ClipBanker Trojan, is distributed through a fake Microsoft Office add-in project hosted on SourceForge, whose page redirects visitors to a malicious download. The campaign primarily hit Russian users, but the English-language download page suggests a wider intended audience. Once installed, the malware watches the clipboard and silently replaces any cryptocurrency address it finds with one controlled by the attacker; because the pasted address looks like any other wallet address, the substitution usually goes unnoticed until the funds are gone. Kaspersky warns that the persistence mechanisms the malware sets up could be reused to deliver further payloads, and urges users to avoid untrusted downloads. More than 4,600 users, most of them in Russia, were affected between January and March 2025.


Crypto Users Targeted by Fake Office Plugin & Malware

A fake Microsoft Office plugin on SourceForge has been found hijacking crypto wallet addresses through clipboard manipulation, redirecting funds to attackers. Separately, nine malicious VSCode extensions, downloaded over 300,000 times, were found mining Ethereum and Monero on developers’ machines. Mobile threats such as Crocodilus and SparkCat are also on the rise, stealing recovery phrases and other sensitive data, and browser wallets are not safe either: StilachiRAT targets Chrome-based wallet extensions. The common thread is malware hiding inside seemingly legitimate tools, which means even software from familiar sources deserves scrutiny.
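The clipboard substitution described in this item and in the ClipBanker item above is simple enough to show end to end. The Python below is an added example written for this page, not code from Kaspersky or from the malware itself: it implements the regex-based address matching and same-asset substitution a clipper performs, and beside it a detection heuristic that flags a wallet address being overwritten by a different address of the same asset within a fraction of a second, which a human copying text does not do. The Base58Check routine is the standard Bitcoin encoding; the attacker and victim addresses and the clipboard timeline are constructed for the demonstration and are not addresses from the report.

```python
"""Clipper behaviour and a clipboard-swap detection heuristic (constructed example)."""
import hashlib
import re
from typing import List, Optional, Tuple

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check_encode(payload: bytes) -> str:
    """Base58Check: payload || first 4 bytes of SHA256d(payload), Base58-encoded."""
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    data = payload + checksum
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes become leading '1's
    return "1" * pad + out


def base58check_valid(addr: str) -> bool:
    """True if addr is Base58 text whose trailing 4 bytes are a correct SHA256d checksum."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    pad = len(addr) - len(addr.lstrip("1"))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    data = b"\x00" * pad + body
    if len(data) < 5:
        return False
    payload, checksum = data[:-4], data[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


# Address shapes a clipper typically looks for: legacy/P2SH Bitcoin and Ethereum.
PATTERNS = [
    ("btc", re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")),
    ("eth", re.compile(r"\b0x[0-9a-fA-F]{40}\b")),
]


def address_type(text: str) -> Optional[str]:
    """Classify clipboard text as a single bare wallet address ('btc'/'eth') or None."""
    s = text.strip()
    for asset, pat in PATTERNS:
        if pat.fullmatch(s):
            if asset == "btc" and not base58check_valid(s):
                return None  # looks like Base58 but checksum fails: not an address
            return asset
    return None


# Constructed attacker wallets (P2PKH address for an all-zero hash160, and a dummy ETH hex).
ATTACKER_WALLETS = {
    "btc": base58check_encode(b"\x00" + bytes(20)),
    "eth": "0x" + "ab" * 20,
}


def clipper_substitute(text: str) -> str:
    """What a ClipBanker-style clipper does on every clipboard write: if the text is a
    wallet address, replace it with the attacker's address for the same asset."""
    asset = address_type(text)
    return text if asset is None else ATTACKER_WALLETS[asset]


Event = Tuple[float, str]  # (seconds since start, clipboard contents)


def detect_swaps(history: List[Event], window: float = 1.0) -> List[Tuple[str, str]]:
    """Flag consecutive clipboard writes where one wallet address was replaced by a
    different address of the same asset within `window` seconds."""
    hits = []
    for (t0, a), (t1, b) in zip(history, history[1:]):
        ta, tb = address_type(a), address_type(b)
        if ta is not None and ta == tb and a != b and 0 <= t1 - t0 <= window:
            hits.append((a, b))
    return hits


# Constructed victim addresses.
VICTIM_BTC = base58check_encode(b"\x00" + bytes.fromhex("01" * 20))
VICTIM_ETH = "0x" + "12" * 20


def demo() -> List[Tuple[str, str]]:
    """Constructed timeline: the user copies an address and the clipper rewrites it 100-200 ms later."""
    history = [
        (0.0, "meeting at 3pm"),
        (10.0, VICTIM_BTC),
        (10.2, clipper_substitute(VICTIM_BTC)),
        (60.0, VICTIM_ETH),
        (60.1, clipper_substitute(VICTIM_ETH)),
        (120.0, "another note"),
    ]
    return detect_swaps(history)


if __name__ == "__main__":
    for src, dst in demo():
        print(f"clipboard address swapped: {src} -> {dst}")
```

The detector only needs a timestamped log of clipboard writes, which an endpoint agent can collect; the point of the checksum step in `address_type` is that a clipper is unlikely to paste a typo, so an invalid Base58Check string is noise rather than a candidate swap. Verifying the pasted address against the one the recipient sent you out of band remains the user-side defence the report recommends.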


Hackers Exploit GitHub to Distribute Malware and Steal Cryptocurrency

Cybercriminals are exploiting GitHub by creating over 200 fake repositories that distribute malware designed to steal personal data and cryptocurrency. These deceptive projects, often masquerading as legitimate tools for automating social media or managing wallets, employ professional documentation to lure victims. Once installed, the malware can extract sensitive information and redirect cryptocurrency transactions to hackers, with one user reportedly losing 5 Bitcoins valued at around $442,000. Kaspersky warns users to exercise extreme caution when downloading code from GitHub and to implement robust security measures.
