news

Seed Phrase Stored on Your Phone? You Might’ve Been Targeted

Nidhi Saini
Published: June 24, 2025
(Updated: January 7, 2026)
3 min read
Seed Phrase Stored on Your Phone? You Might’ve Been Targeted

STAY UPDATED WITH COTI

Follow COTI across social media platforms to get the latest news, updates and community discussions.

X IconFollow on XTelegram IconJoin Telegram
Facebook
Instagram
LinkedIn
YouTube

Crypto users are facing another sophisticated threat, this time disguised in legitimate-looking apps on official app stores.

TL;DR

  • A newly discovered malware called SparkKitty has been stealing images from infected phones, searching for crypto seed phrases.
  • Unlike past threats, SparkKitty was found in official App Store and Google Play apps, disguised as crypto-related tools.
  • Apple and Google have removed the apps, but cybersecurity experts warn that similar campaigns are likely ongoing.

Cybersecurity researchers at Kaspersky have identified SparkKitty, a newly discovered strain of spyware that systematically steals photos from infected phones. The target: screenshots of crypto seed phrases and sensitive wallet details.

Unlike most malware circulating in shady APKs or scam links, SparkKitty was embedded in two separate apps on official platforms, giving the campaign a dangerous edge in credibility.

1) Messaging App with Crypto Features (Google Play)

The first confirmed SparkKitty host was a messaging app with built-in crypto exchange features, distributed via Google Play. The app quietly gained over 10,000 installs before researchers flagged it for malicious behavior.

By positioning itself as a communication tool with crypto integrations, the app appealed directly to crypto-curious users. Once installed, it requested access to photos and media, standard for messaging apps, but in this case, that access was exploited to sweep the entire photo gallery.

“Although we suspect the attackers’ main goal is to find screenshots of crypto wallet seed phrases, other sensitive data could also be present in the stolen images,” Kaspersky warned in its report.

2) “币coin” Portfolio Tracker (iOS)

The second app identified was an iOS app named “币coin,” designed to look like a harmless portfolio tracker. It was listed on the Apple App Store before being pulled down after disclosure by security teams.

Fake portfolio trackers are a favorite trick for spyware developers, especially as more crypto holders rely on mobile apps to monitor balances. By posing as a financial tool, SparkKitty used this app to quietly exfiltrate users’ private screenshots.

Both apps have now been removed from official stores, but Kaspersky believes the campaign may have been live since early 2024.

How to Stay Safe

Here’s how to avoid falling victim to spyware like this:

  • Never store seed phrases as screenshots, use paper backups stored securely offline.
  • Be skeptical of unfamiliar crypto apps, even on official platforms.
  • Check app permissions, if a portfolio tracker wants photo access, that’s a red flag.
  • Use mobile antivirus/security apps to catch threats early.
  • Audit your installed apps regularly and delete anything unnecessary.

Final Thought

For crypto holders, screenshots of seed phrases are one of the riskiest habits you can have. Mobile malware is heavily evolving and it’s actively disguising itself in the very apps users trust most. The safest seed phrase is the one never stored on your phone.

READ MORE: Beyond the Hype: What’s Really Fueling Crypto and DeFi Right Now

Related Topics

#Crypto news#Crypto Wallet#Seed Phrase

About the Project

Crypto News

About the Author

Nidhi Saini

Nidhi Saini

Nidhi Saini is a writer and co-founder of CotiNews, with over four years of experience working in Web3 marketing. She brings a practitioner’s perspective to her writing, shaped by years spent understanding how blockchain products are positioned, communicated, and adopted. As a co-founder, she is also involved in shaping the platform’s editorial direction, ensuring the publication stays thoughtful, credible, and grounded.

View all articles

Disclaimer

The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official stance of CotiNews or the COTI ecosystem. All content published on CotiNews is for informational and educational purposes only and should not be construed as financial, investment, legal, or technological advice. CotiNews is an independent publication and is not affiliated with coti.io, coti.foundation or its team. While we strive for accuracy, we do not guarantee the completeness or reliability of the information presented. Readers are strongly encouraged to do their own research (DYOR) before making any decisions based on the content provided. For corrections, feedback, or content takedown requests, please reach out to us at

contact@coti.news

Stay Ahead of the Chain

Subscribe to the CotiNews newsletter for weekly updates on COTI V2, ecosystem developments, builder insights, and deep dives into privacy tech and industry.
No spam. Just the alpha straight to your inbox.

We care about the protection of your data. Read our Privacy Policy.