Showing posts with label Kaspersky. Show all posts

05 July 2025

Newsletter: Kaspersky has discovered SparkKitty: a new Trojan spy on App Store and Google Play

[THIS IS A PRESS RELEASE]


Kaspersky researchers have discovered a new Trojan spy called SparkKitty which targets smartphones on iOS and Android. It sends images from an infected phone and information about the device to the attackers. This malware was embedded in apps related to crypto and gambling, as well as in a trojanized TikTok app, and was distributed on App Store and Google Play, as well as on scam websites. Experts suggest that the goal of the attackers is to steal cryptocurrency assets from residents of Southeast Asia and China. Users in the Philippines are also potentially at risk of facing a similar cyber threat. 

Kaspersky has notified Google and Apple about the malicious apps. Certain technical details suggest that the new malware campaign is linked to the previously discovered SparkCat Trojan — malware (the first of its kind on iOS) with a built-in optical character recognition (OCR) module that allows it to scan image galleries and steal screenshots containing cryptocurrency wallet recovery phrases or passwords. The SparkKitty case is the second time in a year that Kaspersky researchers have found a Trojan stealer on App Store, following SparkCat.

iOS

On App Store, the Trojan pretended to be an app related to cryptocurrencies — 币coin. On phishing pages mimicking the official iPhone App Store, the malware was distributed under the guise of TikTok and gambling applications.

An alleged crypto exchange app, 币coin, on App Store


A webpage mimicking AppStore to install an alleged TikTok app through developer tools


A fake web store embedded into the alleged TikTok app

"One of the vectors for the Trojan's distribution turned out to be fake websites where the attackers tried to infect the victims' iPhones. iOS has several legitimate ways to install programs not from the App Store. In this malicious campaign, the attackers used one of them — special developer tools for distributing corporate business applications. In the infected version of TikTok, during authorization, the malware, in addition to stealing photos from the smartphone gallery, embedded links to a suspicious store in the person's profile window. This store only accepts cryptocurrencies, which increases our concerns about it," explains Sergey Puzan, a malware expert at Kaspersky.

Android

The attackers targeted users both on third-party websites and on Google Play, passing off the malware as various crypto services. For example, one of the infected applications — a messenger called SOEX with a cryptocurrency exchange function — was downloaded from the official store over 10,000 times. 

An alleged crypto exchange app, SOEX, on Google Play

Experts also found APK files of infected apps (these can be installed directly on Android smartphones bypassing official stores) on third-party websites that are likely related to the detected malicious campaign. They are positioned as investment crypto projects. The websites on which these applications were posted were advertised on social networks, including YouTube. 

"After the apps were installed, they functioned as promised in their description. But at the same time, photos from the smartphone gallery were sent to the attackers. The attackers may later try to find various confidential data in the images, for instance, crypto wallet recovery phrases to access the victims' assets. There are indirect signs that the attackers are interested in people's digital assets: many of the infected apps were related to crypto, and the trojanized TikTok app also had a built-in store that accepted payment for goods only in crypto," comments Dmitry Kalinin, a malware expert at Kaspersky. 

A detailed report about this attack is available on Securelist.com. 

To avoid becoming a victim of this malware, Kaspersky recommends the following safety measures:
  • If you have installed one of the infected applications, remove it from your device and do not use it until an update has been released to eliminate the malicious functionality.
  • Avoid storing screenshots containing sensitive information in your gallery, including cryptocurrency wallet recovery phrases. Passwords, for example, could be stored in specialized applications such as Kaspersky Password Manager.
  • Reliable cybersecurity software, like Kaspersky Premium, can prevent malware infections. Due to the architectural features of the Apple operating system, the Kaspersky solution for iOS shows the user a warning if it detects an attempt to transfer data to the attacker's command server, and blocks the attacker from transferring data.
  • If an app asks for permission to access the phone's photo library, consider if this app really needs it. 
[END OF PRESS RELEASE]

01 July 2025

Newsletter: Kaspersky study: Only a quarter of organizations in APAC perform regular cybersecurity assessments

[THIS IS A PRESS RELEASE]

This leaves them exposed to unplanned downtime, production losses and the reputational and financial damages that can result from possible cyber breaches. This alarming trend was highlighted in a recent joint survey conducted by VDC Research and Kaspersky.

14 June 2025

Newsletter: Over 250,000 cyberattacks disguised as anime: Kaspersky explores the dangers behind Gen Z’s favorite shows and platforms

[THIS IS A PRESS RELEASE]

From Naruto to Attack on Titan, cybercriminals are increasingly using anime and other Gen Z favorites as bait. In a new report covering Q2 2024 – Q1 2025, Kaspersky has found over 250,000 cyberattacks disguised as popular anime among other shows and streaming platforms favored by younger audiences. To help Gen Z recognize these and other cyber risks, Kaspersky is launching “Case 404” — an interactive cybersecurity game that teaches players how to protect their digital lives.

02 June 2025

Kaspersky warns of emerging AI threats in APAC, urges proactive defense with SOC

[THIS IS A PRESS RELEASE]


Global cybersecurity and digital company Kaspersky raised urgent concerns about the rising misuse of artificial intelligence (AI) in cyberattacks across Asia Pacific (APAC), revealing new threat data and defensive strategies at its Cyber Insights 2025 forum held in Seoul.

23 May 2025

Newsletter: Kaspersky reaffirms 100% anti-tampering protection in latest AV-Comparatives test

[THIS IS A PRESS RELEASE]

Kaspersky Next EDR Foundations – represented by Kaspersky Endpoint Security – once again demonstrated 100% tamper protection in the latest focus penetration test by AV-Comparatives.

Attackers often attempt to disable security tools as an initial step in compromising business infrastructure. This makes tamper protection a key mechanism for preventing further compromise of the system. It safeguards the product from end-user and third-party changes, and protects services, processes, files, registry entries, and more from any unauthorized control attempts – even in the context of a privileged user (high or system integrity level). The Kaspersky solution met the strict certification requirements by successfully preventing all tampering attempts during testing.

10 May 2025

Newsletter: On World Password Day Kaspersky warns against AI password generation

[THIS IS A PRESS RELEASE]

How many passwords do you have? It could be more than you think. Most online services and apps require the user to create a password. Chances are many of those passwords are not being used daily, and due to this overabundance, there’s a high probability that many of the passwords are being reused.

08 May 2025

Newsletter: Cyber Immunity recognized by 71% of experts in APAC as a promising strategy against cybercriminals

[THIS IS A PRESS RELEASE]


At GITEX Asia 2025, Kaspersky revealed findings from its latest research, stating that 71% of cybersecurity professionals from Asia Pacific (APAC) regard Cyber Immunity as an effective strategy for minimizing the capabilities of cybercriminals to penetrate networks and compromise systems. These insights indicate a growing demand for developing secure-by-design systems instead of relying solely on additional cybersecurity solutions.

29 April 2025

Newsletter: Kaspersky earns Leader spot in SPARK Matrix: Digital Threat Intelligence by QKS Group

[THIS IS A PRESS RELEASE]

Recognized for its excellence in Threat Intelligence, Kaspersky has been named a Leader in the 2025 SPARK Matrix™: Digital Threat Intelligence Management by QKS Group. The report highlights the company’s strong capabilities in delivering trusted services that enable organizations worldwide to detect, attribute, and respond to sophisticated cyber threats.

05 April 2025

Newsletter: Kaspersky expands Partner Locator with access to global learning centers

[THIS IS A PRESS RELEASE]

Kaspersky has expanded its interactive Partner Locator service by adding a dedicated section for Authorized Training Centers. The expanded capability provides resellers, Kaspersky partners, and cybersecurity professionals worldwide with easy access to technical training centers for in-depth education on Kaspersky solutions.

25 March 2025

Newsletter: Surge in long-lasting attacks: 35% exceeded one-month duration in 2024

[THIS IS A PRESS RELEASE]

According to the recent Kaspersky Incident Response analyst report, long-lasting attacks that persist for more than a month accounted for 35.2% of the total attacks in 2024.

The Kaspersky Incident Response analyst report offers detailed analysis of cyberattacks that Kaspersky investigated in 2024. It draws upon information from organizations that required assistance during security incidents and identifies emerging trends in threats across different industries and regions. This report serves as a valuable resource for organizations looking to improve their security operations and prepare for future incidents effectively.

24 March 2025

Newsletter: Valid accounts showed significant increase as initial attack vector in 2024

[THIS IS A PRESS RELEASE]

Valid accounts are increasingly being leveraged as an initial attack vector in 2024, representing 31.4% of cases. Public-facing applications still hold the top position with 39.2% of cases. These findings were reported in the recent Kaspersky Incident Response analyst report.

16 March 2025

Newsletter: Kaspersky launches an interactive test to explore gender and work-life balance barriers in IT

[THIS IS A PRESS RELEASE]

In celebration of International Women’s Day last 8th March 2025, Kaspersky is launching “Confronting IT's Career Barriers”, an interactive game-like test that delves into the obstacles — both visible and invisible — hindering career progression in tech. Inviting users to make a stark choice between the gender and work-life balance barriers they’d be ready to cope with in the workplace, the project aims to raise awareness of the impact these barriers have not only on individual careers but also on the broader industry, and offers ways to tackle them.


The tech industry continues to face structural inequalities that shape career opportunities and workplace culture. From the glass ceiling and pay gaps to work-life balance struggles, these barriers influence how professionals — especially underrepresented groups, including women — progress in their careers. Despite ongoing discussions about diversity, the numbers tell a different story: women only hold 10% of senior positions in science, technology, engineering and mathematics (STEM), compared with 25% in other fields. 

04 March 2025

Newsletter: Government and Development industries report threefold decrease in critical cyber incidents in 2024

[THIS IS A PRESS RELEASE]

According to the latest Kaspersky Managed Detection and Response (MDR) analyst report, government and development industries experienced a significant decrease in the number of high-severity incidents with direct human involvement in 2024, whereas the food, IT, telecom and industrial sectors demonstrated an increase.

03 March 2025

Newsletter: Operation SalmonSlalom: Kaspersky discovered a new attack targeting industrial organizations in APAC

[THIS IS A PRESS RELEASE]

Kaspersky ICS CERT discovered a campaign targeting industrial organizations in the Asia-Pacific region. The attackers used legitimate cloud services to manage malware and employed a complicated multi-stage malware delivery scheme using legitimate software to avoid detection. As a result, they could spread malware over victim organizations’ networks, install remote administration tools, manipulate devices, and steal and delete confidential information.

25 February 2025

Newsletter: Kaspersky reports nearly 900 million phishing attempts in 2024 as cyber threats increase

[THIS IS A PRESS RELEASE]

Kaspersky’s security solutions blocked over 893 million phishing attempts in 2024 – a 26% increase from 2023, when the total stood at nearly 710 million. The surge in attempts (shown in the graph below) between May-July is traditionally tied to the holiday season when fraudsters frequently try to lure travelers with scams involving fake airline and hotel bookings, deceptive tour packages and too-good-to-be-true offers.

18 February 2025

Newsletter: Tricky romance: Kaspersky warns of Valentine’s Day scams targeting gift buyers

[THIS IS A PRESS RELEASE]

With the most romantic holiday of the year approaching, love is in the air – along with online scams and phishing. As couples prepare to celebrate with flowers, love letters and carefully selected gifts, cybercriminals are setting up fake websites, offering perfect bouquets, beautiful engagement rings or even Apple gadgets. Kaspersky experts identified several scam schemes users might face while shopping for romantic gifts and gave practical advice on how not to be deceived.

Newsletter: Kaspersky discovers new crypto-stealing Trojan in AppStore and Google Play

[THIS IS A PRESS RELEASE]

Kaspersky Threat Research expertise center has discovered a new data-stealing Trojan, SparkCat, active in AppStore and Google Play since at least March 2024. This is the first known instance of optical recognition-based malware appearing in AppStore. SparkCat uses machine learning to scan image galleries and steal screenshots containing cryptocurrency wallet recovery phrases. It can also find and extract other sensitive data in images, such as passwords.

Kaspersky has reported known malicious applications to Google and Apple. 

07 February 2025

Newsletter: Kaspersky Threat Lookup now enables AI-enhanced open-source intelligence search

[THIS IS A PRESS RELEASE]

Kaspersky Threat Lookup now provides customers with summaries and article abstracts related to analyzed objects in the OSINT (Open-Source Intelligence) tab, saving them time when searching for IoCs (Indicators of Compromise) or researching cybersecurity reports.

02 February 2025

Newsletter: Beware of Sweet Deceptions: Kaspersky Warns of Dubai Chocolate Scams

[THIS IS A PRESS RELEASE]

Consumers across the world are eager to indulge in Dubai’s luxurious chocolate. However, cybercriminals are exploiting this trend to deceive unsuspecting buyers. Kaspersky experts have uncovered a series of scams related to the growing demand, ranging from impersonating trusted brands to creating entirely fraudulent storefronts.

31 January 2025

Newsletter: Extended AI capabilities and resource visualization: great new features provided by Kaspersky SIEM

[THIS IS A PRESS RELEASE]


To bolster the productivity and effectiveness of cybersecurity teams, Kaspersky has unveiled a significant update to its Security Information and Event Management (SIEM) solution. The enhanced platform provides a new AI module for faster and more effective alert triage, helps to visualize resource dependencies and enables extended search capabilities.

According to Verified Market Research, the SIEM market was valued at $5.21 billion in 2024 and is expected to reach $10.09 billion by 2031. Among the key factors that contribute to such growth are rising cyber threats, regulatory compliance requirements and demand for rapid threat detection. Businesses are searching for solutions that enable them to collect and analyze data in real time, significantly enhancing their situational awareness. To meet this demand, Kaspersky added new features to its SIEM, allowing cybersecurity professionals to detect threats more efficiently.