币界网 reports: A new mobile spyware called SparkKitty has been discovered infiltrating Apple's App Store and Google Play, masquerading as crypto-themed apps to steal seed phrases and wallet credentials. According to Kaspersky researchers, this malware, an evolution of the earlier SparkCat campaign, has been found in multiple iOS and Android apps, including a messaging app with crypto exchange features (over 10,000 installs) and an iOS portfolio tracker named "币coin." The iOS variant uses weaponized versions of the AFNetworking or Alamofire frameworks, executing malicious code on launch to scan and upload gallery images. The Android version modifies Java libraries and employs Google ML Kit for OCR to detect and exfiltrate sensitive data. Attackers distribute the malware via enterprise provisioning profiles on iOS, tricking users into trusting a fake developer certificate linked to "SINOPEC SABIC Tianjin Petrochemical Co. Ltd." Encrypted C2 servers manage data theft, with endpoints like `/api/putImages` controlling uploads. Though primarily targeting China and Southeast Asia, the malware's reach is not region-locked. Apple and Google have removed the identified apps, but researchers warn the campaign, active since early 2024, may persist through sideloaded variants and clone stores.
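For defenders, the `/api/putImages` upload endpoint named above is something to hunt for in web proxy logs. The following Python is an added example, not code from Kaspersky's report or this article: it flags POST requests to that path and totals the uploaded bytes per device. It assumes a TLS-inspecting proxy that logs full URLs in the six-field format shown; the log lines, hostnames and IP addresses are constructed.

```python
"""Added example: hunt proxy logs for uploads to the /api/putImages endpoint."""
import posixpath
from collections import defaultdict
from urllib.parse import unquote, urlsplit

IOC_PATH = "/api/putimages"  # endpoint named in the report, lower-cased for matching

# Constructed sample lines in an assumed format:
# timestamp client_ip method url status request_bytes
SAMPLE_LOG = """\
2025-06-24T09:14:02Z 10.0.4.17 POST https://c2.example.invalid/api/putImages 200 481233
2025-06-24T09:14:09Z 10.0.4.17 POST https://c2.example.invalid/api/putImages?v=2 200 502118
2025-06-24T09:15:30Z 10.0.4.22 GET https://cdn.example.invalid/api/putImagesHelp 200 0
2025-06-24T09:16:41Z 10.0.4.31 POST https://c2.example.invalid/api//putImages/ 200 77120
2025-06-24T09:17:00Z 10.0.4.22 POST https://photos.example.invalid/api/upload 200 90311
malformed line
"""


def normalized_path(url: str) -> str:
    """Decode, collapse and lower-case the URL path so formatting variants still match."""
    path = unquote(urlsplit(url).path)
    return posixpath.normpath(path).lower() if path else "/"


def find_uploads(log_text: str) -> dict:
    """Return {(client_ip, host): {"requests": n, "bytes": total}} for matching POSTs."""
    hits = defaultdict(lambda: {"requests": 0, "bytes": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[5].isdigit():
            continue  # skip lines that do not fit the assumed format
        _, client, method, url, _, size = fields
        # Exact match on the normalized path avoids hits on look-alike paths
        if method.upper() != "POST" or normalized_path(url) != IOC_PATH:
            continue
        entry = hits[(client, urlsplit(url).hostname)]
        entry["requests"] += 1
        entry["bytes"] += int(size)
    return dict(hits)


if __name__ == "__main__":
    for (client, host), stats in sorted(find_uploads(SAMPLE_LOG).items()):
        print(f"{client} -> {host}: {stats['requests']} uploads, {stats['bytes']} bytes")
```

A path match alone is a weak signal; treat hits as leads to confirm against the device's installed apps and trusted enterprise profiles.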