Many users are accustomed to storing sensitive information in the form of photos, such as cryptocurrency mnemonics, password manager's master password, authentication authenticator's recovery code, etc. However, malware is becoming increasingly smart and has begun to steal sensitive data stored in image form, such as the recent SparkKitty mobile phone malware. This article will provide detailed descriptions of all methods to prevent such threats.

Table of contents

• What is SparkKitty malware
• Protect sensitive photos
• Manage application permissions
• Avoid installing applications that are known to spread SparkKitty
• Use antivirus software with behavioral analysis

What is SparkKitty malware

SparkKitty is a variant of the original image-stealing malware SparkCat. Unlike SparkCat that targets specific types of images (such as cryptocurrency mnemonics) through OCR technology only, SparkKitty directly uploads all photos on the device to the Command & Control (C2) server. This behavior makes it more harmful because it is not limited to a certain type of sensitive image.

The stolen photos can be used not only to steal recovery codes or passwords, but may also be used for ransomware, identity theft, or social engineering attacks. In addition, the malware is extremely concealed - usually masquerading as an application with normal functions and lurking with the system's default media access permissions. Although common in third-party app stores, some infected apps have also appeared in official app stores, such as Soex and Coin (currently removed from the shelves).

Protect sensitive photos

This type of image-stealing malware mainly targets pictures in albums, so the primary defense is to store sensitive photos in a safe location. The best way is to encrypt them and hide them in a private safe, making sure that only you can access them. Here are two free solutions:

Lock folders with Google Photos

If you enable Google Photos synchronization, you can use its "Lock Folder" feature to encrypt sensitive photos in the cloud. When enabled, photos are deleted locally from the phone and remain only in the protected locked folder.

Steps: Open the target photo in Google Photos, click the Add to button at the bottom, and select Lock folder . Simple settings are required for the first use. To view the contents of locked folders, go to the collection , open the locked folder, and verify your identity through the device unlock method (such as fingerprint or password).

Use third-party photo safe app

If you don't want to rely on Google Photos, or want photos to be stored completely offline, you can choose the third-party photo safe app. Keepsafe Photo Vault is an excellent choice, supporting Android and iOS platforms. It uses independent PIN code or biometric technology to encrypt and protect photos and other media, and also supports disguising application icons to prevent others from easily trying to access them.

But it should be noted that by default, the application will be automatically synchronized to the cloud. If you want to achieve full offline storage, go to the Backup and Synchronization settings to turn off this feature.

Manage application permissions

SparkKitty must obtain access to photos to perform theft, so the app carrying it must also have the corresponding authorization. You can review permission settings regularly to ensure that no unrelated or suspicious apps have access to media.

On Android devices: Go to Settings → Privacy → All Permissions → Photos and Videos .

On iOS devices: Go to Settings → Privacy & Security → Photos .

Please make sure that only trusted apps are allowed to access your album. If you find that an application is obviously suspicious or can run without access to media, revoke its permission immediately.

Avoid installing applications that are known to spread SparkKitty

When Kaspersky first discovered SparkKitty malware, it also announced the types of applications that often carry the virus. Whether you download it from a third-party store or obtain it from an official store, you should try to avoid using the following types of applications:

• Cryptocurrency-related tools and quotation trackers (because its main goal is mnemonic words)
• Cryptocurrency exchanges or social applications published by unofficial channels
• TikTok cloning app from informal sources
• Gambling, casino and adult-themed game applications

These applications are often a breeding ground for malware and should be installed with caution.

Use antivirus software with behavioral analysis

Currently, most mobile phone antivirus software can detect SparkKitty and similar malicious programs through behavioral analysis technology. Since the virus needs to upload photos to a remote server in the background, Killer, which has behavior monitoring capabilities, can quickly identify such abnormal network activities and intercept them in time.

Bitdefender or Avast Mobile Security is recommended, both of which have powerful behavior detection mechanisms. Simply install their free versions and keep the background running to monitor potential threats in real time and prompt you to take measures when an exception is found.

For master passwords and recovery codes, it is recommended to use handwritten paper storage methods instead of taking photos or taking them in electronic notes. If you are using an Android device, you should also enable various security functions that come with the system to further improve the protection level.

The above is the detailed content of Protect Your Phone From Photos Stealing Malware Like SparkKitty - Make Tech Easier. For more information, please follow other related articles on the PHP Chinese website!