07/07/2025
LYFE
Experts find new Trojan spy on App Store, Google Play
• Malware sends pictures, information to attackers

RESEARCHERS from Kaspersky have discovered a new Trojan spy called SparkKitty, which targets smartphones on iOS and Android. It sends images from an infected phone and information about the device to the attackers.

This malware was embedded in apps related to crypto and gambling, as well as in a trojanised TikTok app, and was distributed on the App Store and Google Play as well as on scam websites.

Experts suggest that the goal of the attackers is to steal cryptocurrency assets from residents of Southeast Asia and China. Users in Malaysia are also potentially at risk of facing a similar cyber threat.

The organisation has notified Google and Apple about the malicious apps. Certain technical details suggest that the new malware campaign is linked to the previously discovered SparkCat Trojan – malware (the first of its kind on iOS) with a built-in optical character recognition module that allows it to scan image galleries and steal screenshots containing cryptocurrency wallet recovery phrases or passwords.

The SparkKitty case is the second time in a year that researchers have found a Trojan stealer on the App Store, following SparkCat.

iOS

On the App Store, the Trojan pretended to be an app related to cryptocurrencies – coin. On phishing pages mimicking the official iPhone App Store, the malware was distributed under the guise of TikTok and gambling applications.

“One of the vectors for the Trojan’s distribution turned out to be fake websites where the attackers tried to infect the victims’ iPhones. iOS has several legitimate ways to install programmes not from the App Store. In this malicious campaign, the attackers used one of them – special developer tools for distributing corporate business applications. In the infected version of TikTok, during authorisation, the malware, in addition to stealing photos from the smartphone gallery, embedded links to a suspicious store in the person’s profile window. This store only accepts cryptocurrencies, which increases our concerns about it,” explained malware expert Sergey Puzan.

Android

The attackers targeted users on third-party websites and on Google Play, passing off the malware as various crypto services. For example, one of the infected applications – a messenger called SOEX with a cryptocurrency exchange function – was downloaded from the official store over 10,000 times.

Experts also found APK files of infected apps (these can be installed directly on Android smartphones, bypassing official stores) on third-party websites that are likely related to the detected malicious campaign. They are positioned as investment crypto projects. The websites on which these applications were posted were advertised on social networks, including YouTube.

“After the apps were installed, they functioned as promised in their description. But at the same time, photos from the smartphone gallery were sent to the attackers. The attackers may later try to find various confidential data in the images – for instance, crypto wallet recovery phrases to access the victims’ assets. There are indirect signs that the attackers are interested in people’s digital assets: many of the infected apps were related to crypto, and the trojanised TikTok app also had a built-in store that accepted payment for goods only in crypto,” said malware expert Dmitry Kalinin.

Safety measures

To avoid becoming a victim of this malware:

• If you have installed one of the infected applications, remove it from your device and do not use it until an update has been released to eliminate the malicious functionality.
• Avoid storing screenshots containing sensitive information in your gallery, including cryptocurrency wallet recovery phrases. Passwords, for example, could be stored in specialised applications.
• Reliable cybersecurity software can prevent malware infections. Due to the architectural features of the Apple operating system, the solution for iOS shows the user a warning if it detects an attempt to transfer data to the attacker’s command server, and blocks the attacker from transferring data.
• If an app asks for permission to access the phone’s photo library, consider if this app really needs it.

An alleged crypto exchange app on the App Store.

The app SOEX on Google Play.

A webpage masquerading as the App Store so users will install an infected version of TikTok.

How cybercriminals obtain users’ information.

Crime show 999 to feature real-life scam stories

A new special segment titled Kisah Benar: Scam Siber in TV3’s crime show 999 aims to educate and raise public awareness about the alarming rise and various forms of cyber fraud currently plaguing the nation.

In today’s increasingly complex digital landscape, Malaysians, especially internet users, face growing threats such as social engineering, phishing websites and personal data theft.

Leveraging the power of visual storytelling and real-life case reenactments, 999 seeks to convey preventive messages in a way that is relatable and easy to understand.

This initiative by CelcomDigi Berhad, in collaboration with Media Prima Berhad and OMD Malaysia, not only fosters greater digital literacy but also empowers the public to take swift and informed action in reporting cybercrimes to the authorities.

Kisah Benar: Scam Siber will air over 13 episodes until Sept 23, every Tuesday at 9pm. Each episode features dramatic reenactments based on real cases previously reported to the Royal Malaysia Police, along with informative capsules offering concise and practical prevention tips.

Among the cybercrime topics that will be highlighted are phone scams/Macau scams (episode one), love scams (episode two), parcel scams (episode three), online investment scams (episode four), job offer scams (episode five) and cash reward scams (episode six).

Viewers who miss the television broadcast can still access key content from Kisah Benar: Scam Siber through short video capsules shared on TV3’s social media platforms. These digital segments will highlight essential information and practical prevention tips, ensuring that the awareness message continues to reach a wider audience throughout the duration of the campaign.

This initiative is expected to raise public awareness about cyber fraud – a relatively recent and rising threat to the safety and well-being of Malaysians.

Kisah Benar: Scam Siber shares real-life scam stories that Malaysians can relate to and learn from.