Warning: New malware steals photos on iPhone and Android.
A new type of malware has been discovered that can secretly steal photos from both iPhones and Android devices, raising serious concerns about privacy and personal data security on smartphones.
Whether you're using an iPhone or an Android phone, chances are your device contains a wealth of personal, financial, and other sensitive information. While most users are concerned about the risk of password theft, a new type of malware is showing that hackers are targeting an even less-noticed area: photo libraries.

According to BleepingComputer, the latest cyberattack campaign is using SparkKitty malware to access and steal all photos stored on infected devices, including both existing and newly taken photos. Notably, this campaign affects both iPhones and Android devices, and according to a report from security company Kaspersky, it has been silently operating since February of last year.
What's concerning is that SparkKitty not only hides itself in malicious apps downloaded from external sources, but also manages to infiltrate both legitimate app stores: the Apple App Store and the Google Play Store.
Additionally, Kaspersky also detected fake TikTok copies, gambling apps, adult games, and even online casino apps being used as a means of distributing SparkKitty.
SparkKitty operates differently on each platform:
On iPhones, malware is embedded in fake apps, often through "enterprise profiles"—a technique for installing apps outside the App Store. When the app launches, the malware automatically activates.
On Android, malware is embedded in applications written in Java or Kotlin, and is activated when the user opens the application or performs a specific action. The application often requests access to storage, which allows it to access all saved photos.
Once granted access, SparkKitty scans the image library to extract data, focusing particularly on screenshots – a seemingly convenient practice that becomes a serious security vulnerability.
How to prevent malware hidden in mobile apps.
Today, malware spreads not only through phishing links or email attachments, but often hides within applications, even on legitimate app stores like Google Play or the App Store. This makes downloading apps one of the most common ways for hackers to spread malicious code and steal user data.
To minimize risks, users need to be especially cautious before installing any app on their phones. Start by carefully reviewing the app's reviews, ratings, and download count.

However, it's important to note that app store reviews can be easily faked. Therefore, it's advisable to check reviews from reputable tech websites or video reviews, where you can see firsthand how the app works.
An important principle not to be overlooked is limiting the number of applications installed on your device. The fewer applications you have, the lower your risk of accidentally installing fake apps or legitimate apps that have been infected with malware through updates.
Before installing a new app, ask yourself if you really need it. Perhaps an app you already have installed or a feature in your current operating system is sufficient for your needs.
Additionally, you should avoid downloading apps from unofficial sources or stores unless you fully understand the risks. Large app stores like the App Store or Google Play Store have strict security review processes, while unofficial platforms are often breeding grounds for malware.
For Android users, make sure Google Play Protect is enabled. This is a built-in security tool that periodically scans apps for unusual behavior. Combined with a reputable Android antivirus software, you'll have an extra layer of protection.
Meanwhile, iPhone users can use malware scanning tools designed for Macs, such as Intego, but they need to connect their device to a Mac via cable to perform the scan.
Equally important is to share this security knowledge with loved ones, especially children and the elderly – those who are most vulnerable to malicious applications.
Although malware continues to evolve in sophistication and unpredictability, a few simple precautions can help you avoid most risks. In the digital age, being cautious when installing apps is the first step in protecting your personal data and the online safety of your entire family.


