SparkKitty, a dangerous new malware, is targeting mobile devices to compromise crypto wallets. It searches through users’ image data to uncover and steal seed phrases.
In recent cases, the malware infected phones through compromised apps, with several bait programs catering to lure crypto users. Thankfully, app store moderation has removed many of SparkKitty’s attack vectors.
How SparkKitty Targets Crypto Wallet Apps
Popular security firm Kaspersky identified this new malware today after months of observation across different mobile operating systems.
Earlier in February, the firm discovered SparkCat, an earlier iteration of this malware. After the previous discovery, the malicious developers repackaged this trojan through new apps.
Our researchers uncovered #SparkKitty, a stealthy Trojan targeting both #iOS and #Android devices.
It captures images and device data from infected phones and transmits them to the attackers. The Trojan was embedded in apps related to #crypto, gambling, and even a trojanized… pic.twitter.com/2CjjSwcpeo
According to the company’s full report, this piece of malware is specifically focused on targeting crypto users, especially in China and Southeast Asia.
Hackers embedded SparkKitty into crypto-related apps, like price trackers and messengers with crypto-buying functionality. One such compromised messenger, SOEX, was downloaded over 10,000 times before removal.
SparkKitty’s operators also branched out to include casino apps, adult sites, and fake TikTok clones. Even if a user downloaded a contaminated app, the malware wouldn’t automatically start looking for crypto.
Instead, the app would ostensibly function normally, asking for access to users’ photos. It would continue appearing normal even after gaining this permission.
In other words, this malware would repeatedly scan image data for signs of a crypto seed phrase, double-checking the compromised device periodically.
Kaspersky’s researchers have several reasons to believe that SparkKitty is an upgraded SparkCat. For example, they share several debug symbols, code construction, and even a few compromised vector apps.
However, SparkKitty is more ambitious than SparkCat. The earlier malware would focus on penetrating crypto security, while the upgraded version can compromise many types of sensitive data.
SlowMist TI Alert
A new malware named #SparkKitty that steals all photos from infected iOS & Android devices — searching for crypto wallet seed phrases.
Nonetheless, SparkKitty’s main priority is still in uncovering seed phrases.
Overall, the best caution for users is never to store seed phrases digitally. Don’t even take a photo of it.
There’s no shortage of recent scams and malware that can compromise this password, thereby allowing attackers to steal all your crypto. It’s important not to give sketchy apps access to your devices, but it’s doubly vital to protect your seed phrase.
Bitcoin has seen some volatility recently, with its price facing significant challenges. Despite these setbacks, the cryptocurrency is forming a bullish pattern.
Investors, particularly short-term holders (STHs), have shown resilience by moving towards accumulation, which supports the notion of potential recovery in the coming weeks.
Bitcoin Investors Are Hopeful
Bitcoin’s realized losses have been a key indicator of the current market’s struggles. This week, the realized losses across all market participants reached $818 million per day, which is among the highest values in recent times. The only larger recorded loss was the yen-carry-trade unwind on August 5, 2024, which totaled $1.34 billion.
These substantial losses reveal that many investors have been forced to sell their positions below their cost basis, pressured by the ongoing market downturn. Despite this, the significant realized losses suggest that many investors are feeling the weight of the current volatility, yet some continue to hold their positions.
On a more positive note, Bitcoin’s network growth has been on the rise. The number of short-term holders has increased, with 50,000 more wallets on the network compared to a month ago. Specifically, there has been a rise of 37,390 new wallets holding less than 0.1 BTC, and 12,754 wallets holding between 0.1 and 100 BTC.
The growth in the number of Bitcoin wallets reflects strong conviction among these short-term investors. Despite the ongoing price fluctuations, their continued involvement in the market indicates that many are looking beyond the current downturn. This is an important factor in supporting Bitcoin’s potential recovery, as it suggests that the base of holders remains strong and that interest in the cryptocurrency is far from fading.
Bitcoin’s price has shown a 6% recovery in the last 24 hours, trading at $92,776 as of the latest update. The cryptocurrency is nearing the critical resistance level of $93,625, which it has struggled to breach in recent days. A successful breach of this resistance could mark the beginning of a bullish breakout, pushing Bitcoin higher.
If Bitcoin manages to flip $93,625 into support, it could pave the way for a rise towards $95,761. Such a move would also indicate a potential breakout from the descending broadening wedge pattern that has dominated the market in recent weeks. Should this happen, Bitcoin could find itself heading towards the psychologically significant $100,000 mark, marking a strong recovery from its recent volatility.
However, if Bitcoin fails to break through $93,625, it could fall back to the $89,800 support level. A failure to hold at this point could delay the recovery further and even push Bitcoin to test lower levels, with $87,041 acting as a crucial support. A move below this level would invalidate the bullish outlook and extend the current downtrend.
Flight3, the UK’s leading Web3 marketing agency, is proud to celebrate its 4th anniversary with substantial achievements that showcase its unmatched position in the British digital landscape.
The past four years have seen Flight3 grow from a bold startup into a global agency, delivering over $10 million in revenue while partnering with some of the most iconic names in Web3, including Coinbase, Solana, VeChain, Optimism, Ondo Finance, Fabric Ventures, Near, and more. With over 100+ client projects delivered and a growing international footprint with offices in London, Lisbon and Cape Town, Flight3 has cemented its place as a true industry leader.
As part of its ongoing evolution, Flight3 is excited to announce key leadership updates:
Luke Courtenay-Smith has been promoted to Managing Director, bringing his deep operational expertise and strategic vision to steer the company through its next phase of scale. Previously MD at Bolt Digital and COO at fintech startup Droplet, he’s also a mentor at the Creator Network and a one-time feature in Vogue’s David Bailey’s ‘People Set to Define the Next Decade’.
Olesia Lacko steps into the role of Chief Operating Officer, bringing a decade of experience scaling marketing and operations across Web2 and Web3. Previously at IBM driving digital transformation, she’s also led growth at multiple startups and agencies, building teams, systems and sustainable scale. A strategic operator with a bias for action, her appointment means the Flight3 executive team is now 50% women.
A new Head of People will be announced soon, reinforcing Flight3’s commitment to nurturing talent and culture as the company grows.
Coinciding with its anniversary, Flight3 has also moved into a brand-new London HQ in London Bridge, a fresh space designed to foster collaboration, creativity and innovation.
“As we enter our fourth year, this marks a pivotal moment for Flight3” said Harry Horsfall, CEO and Co-founder of Flight3 and Zebu Live. “I’m incredibly proud of what our team has achieved. We’ve built a world-class executive team with the capability to scale Flight3 into the leading Web3 agency globally. Working with visionary clients like Coinbase and VeChain is a testament to the trust the industry places in us. From four of us working in bedrooms and coffee shops during lockdown, we’ve grown into a global force shaping the future of Web3.”
Flight3 is also gearing up for the 5th edition of Zebu Live, the UK’s flagship Web3 summit, which it proudly organises. Set to take place at the iconic Tobacco Dock, this year’s event will host 4,500+ in-person attendees and an expected 10,000+ virtual participants, reflecting the growing global appetite for Web3 innovation and thought leadership.
As Flight3 enters its fifth year, the mission is clear: scale faster, deliver better and lead the charge in building the future of decentralised marketing.
About Flight3
Flight3 is a leading Web3 marketing agency helping blockchain and crypto companies grow, engage and scale their communities in the UK and beyond. Founded in 2020 by a team of Web3 experts, Flight3 offers services across branding, content, community, KOLs, events and performance marketing. With a focus on creative storytelling and data-driven strategy, Flight3 empowers some of the most disruptive projects in the space including Coinbase and VeChain to stand out and thrive in a rapidly evolving industry. The agency also founded Zebu Live, the UK’s flagship Web3 summit.
Flight3 has received a number of awards over time including CityAM Start-Up of the Year, Marketing Startup Awards National Series Nomination and Best Digital Asset Marketing Agency by The Digital Commonwealth.
Confidentiality has always been a contentious point in blockchain technology. As public ledgers provide transparency, they often compromise privacy. The drive to reconcile transparency and privacy is at the heart of progress in crypto, and nobody epitomizes this better than Rand Hindi, CEO of Zama.
Hindi and Zama are pioneering the integration of fully homomorphic encryption into public blockchains. BeInCrypto interviewed Rand Hindi at Cannes to discuss Zama’s journey, the mounting investor interest, and the potentially transformative implications of this technology.
Hindi, who leads one of the most acclaimed teams in cryptography, has shepherded Zama to a billion-dollar valuation by focusing on a breakthrough technology that might address some of the sector’s core adoption barriers. The conversation explores how Zama’s protocol operates, the future of confidential payments, and what it means for traditional finance and on-chain scalability.
Hindi shares essential insights on technology’s progression, Zama’s testnet, and the security benefits that go beyond today’s industry standards.
Building Zama: Addressing Privacy Through Homomorphic Encryption
We like to joke that we’re probably the company that raised the most money without anybody understanding what we’re building. The reason for this is because cryptography as a field is very obscure and opaque, but the use cases it enables are very obvious once it actually works.
Zama as a company specializes in something called fully homomorphic encryption, FHE, which is a new encryption technique that allows you to have confidentiality on top of public blockchains. For example, imagine you want to send money confidentially to someone on a blockchain. Today, you wouldn’t. The amount of money you own, the amount you’re sending is public. With our technology, you would actually have that encrypted on chain but still be able to use it as part of any kind of blockchain application.
That is really a radical new proposition, I would say, because up until now, the only way to use a blockchain was to disclose everything to everyone. We’re effectively bridging that gap.
Inside the Zama Protocol and Testnet
When we started a company a few years ago, we focused on licensing our technology to other people. Most people don’t know that nine out of ten blockchain projects that use FHE use Zama technology in the backend.
Now, we are moving to having our own protocol called the Zama protocol that allows you to have confidentiality on top of any blockchain, even those that don’t license our technology directly. So you can have confidentiality on Ethereum, on Base, on Solana, on any really public blockchain.
The ability to have that on a public blockchain means that anybody can now start building apps where the on-chain data stays confidential regardless of which chain they actually want to use to deploy it. So the Zama protocol, like every protocol, has a testnet phase where we effectively launch that and allow developers and users to try it, start building the first apps and use cases ahead of a mainnet launch where it actually goes into production.
Use Cases: Confidential Payments and Beyond
I would say, by far, the biggest use case is confidential payments. If you look at stable coins, you look at global remittances, if you look at payroll, it’s very obvious that if you want to use a blockchain for that, you need to keep data confidential. I mean, if I told you right now to open your phone and show me your bank account, would you? Definitely not a chance.
Okay, there you go. This is what happens in a blockchain because I could see everything you own and do. That makes no sense whatsoever. Once you can encrypt it with homomorphic encryption, then you can start using a blockchain like you use a traditional bank account, like use a traditional credit card for anything from buying your coffee to getting your salary to buying a house. You can do it without other people knowing about it.
That’s one use case. The second one is enabling trading and tokenization of financial assets confidentially. Let’s imagine you are a large financial institution. You’re a hedge fund, you’re a bank. You want to use a blockchain for trading or even for just like, you know, settling some trades with a partner.
If everybody can see your trades and your positions, you’re not going to have much of an advantage in the market. The whole point is to have what we call an alpha, like something, a secret sauce that you don’t reveal. Blockchain today don’t allow you to keep things private. We’re also solving that.
Scaling, Developer Experience, and Security
When we started working on this, there were three main issues. First, it didn’t work. So we had to make the technology work. That’s done. Today, we have the most secure confidentiality technology. It’s even secure against quantum computers. So it’s as secure as it can ever be.
The second problem was it was very difficult to use for a developer. We actually solve that by integrating our technology into existing programming languages for smart contracts, like Solidity, for example, on Ethereum. As a developer, you don’t need to know cryptography to build a confidential application on chain.
And finally, there’s performance. FHE traditionally was very slow. We fixed that through new mathematics, better engineering, but also with better hardware. Effectively, today, scaling FHE and, therefore, scaling global payments on-chain, all these are use cases, is just a matter of putting more compute behind it. If there is one thing we learn from AI, it is that we can throw more compute than it works. We know how to do that. Just put more servers, put more GPUs, it’ll go faster.
So, there’s really nothing preventing homomorphic encryption from becoming the technology that makes it possible to have on-chain finance in a confidential manner.
You can think of it a little bit like, in your browser, when you connect to a website, you have this small lock that tells you that this is encrypted and protected. We’re effectively doing the same thing for blockchain.
Traditional Finance Appetite and Industry Examples
I would say that probably over half of the companies we talk to are financial institutions that are not Web3 native. They all want the same thing. They want to use blockchain because blockchain is the right solution for finance. We all agree on that. That’s established by everybody from Circle to all of these other companies doing that. Confidentiality was the last blocking point for the mass adoption of blockchain for finance.
I’ll give you two examples. We are working with a company right now that is issuing a confidential stablecoin. What it means is, it’s a regular stablecoin, you can use it for payment on chain, but the issuance is confidential, the amounts that you own is confidential, the amount you transfer is confidential, so you can actually use it for payment without having to disclose anything to other people.
That’s one example. Another example is that there is a company building an on-chain self-custodial bank where your money on chain is kept confidential with our technology. We’re talking about something like Revolut, fully on-chain, self-custodial, so even if the bank goes down, you can get back your money because it’s on-chain.
Try to imagine like the first bank that cannot rug you.
Performance, Security, and Cost
Speed-wise, there is going to be almost no difference. It’s not going to slow down the underlying blockchain. The latency is a couple of seconds, a few seconds. You’re probably not going to see it. Just clicking around on an app is going to take longer than that, effectively. So speed is not an issue. Cost is not an issue. At scale, it can be as cheap as about a cent per confidential token transfer.
On like an L2, like base, even in Ethereum, we’re just adding a couple of cents on top of Ethereum gas fees. We’re almost as cheap as the underlying blockchain allows us to be, pretty much. So that’s not an issue. The third one in terms of security we are post-quantum. Even a quantum computer cannot break homomorphic encryption, FHE. That is very important because there are many technologies that are being used today as shortcuts because they’re supposedly more performant.
First of all, that’s not true. But second of all, those technologies have been broken and will be broken going forward. If you want to have the best amount of security, you have to use FHE. There is nothing else that can actually get even closer.
The Road Ahead: Future Developments and Adoption Trajectory
So we’re in testnet now, that’s already big. We’re planning to have our first main net at the end of, let’s say October.
From that point, we’re gonna have other blockchains being supported, and then it’s game on. You know, initially let’s get at least 1% of watching transactions confidential, then 10% and 20%. If we take again the example of HTTPS, in your browser, the small lock protects your data. We’re connecting to the website. It went from 5% of the internet traffic being encrypted in 2010 to 96% now, I believe. We believe FHE will follow a similar type of trajectory where, five, six, or 10 years from now, over 90% of blockchain transactions will be encrypted and confidential with homomorphic encryption.
Conclusion
Rand Hindi’s vision for Zama represents a major leap for both user privacy and institutional confidence in blockchain networks. Fully homomorphic encryption is set to enable confidential apps, payments, trading, and on-chain banking, all without sacrificing security or speed.
As Zama moves from testnet to mainnet, the aim is to make confidential blockchain transactions as common as secure web browsing. Hindi’s conviction is clear—within the next decade, encrypted, private transactions could become the standard, not the exception, across every major blockchain.
SlowMist TI Alert
Delivered via:
“币coin” (App Store)
