Thursday, June 26, 2025
Latest:
ZDNet | Security

You should probably delete any sensitive screenshots you have in your phone right now. Here’s why

TH Author
gettyimages-1163540721

zf L/Getty

It’s generally not a good idea to keep screenshots of sensitive information on your phone, but you should probably delete them, especially if they’re related to your crypto wallet.

A new Trojan spy known as SparkKitty targets information from screenshots stored in your gallery. This spy, likely connected to the infamous SparkCat data stealer that emerged earlier this year, focuses on sensitive data, such as seed phrases for crypto wallets. The new Trojan was first mentioned on SecureList by Kaspersky.

Also: How Avast’s free AI-powered Scam Guardian protects you from online con artists

According to Kaspersky, the malware targets iOS and Android devices. While the malware spread from the App Store and Google Play Store (and has been removed from both), it’s also spreading naturally.

What is SparkKitty?

Here’s how the malware works. Kaspersky said it identified one version of the Trojan that copies all images in your gallery and another that uses OCR to find images specifically related to financial information.

Also: Best data removal services: Delete yourself from the internet

If you have any cryptocurrency, you were probably encouraged to write down a seed phrase when you created your wallet and store it in a secure, offline location. This phrase is crucial for restoring a wallet and its contents on a device other than the original, which makes it an attractive target for thieves. While writing the phrase down is optimal, many people take a screenshot to remember it later.

The malware comes from legitimate-looking downloads, including messaging apps, crypto trading apps, modded TikTok clones, fake online cryptocurrency stores, gambling apps, adult-themed games, and casino apps.

If you accidentally install the software, it searches your gallery and sends your data to nefarious parties who can wipe out your wallet or target your other accounts. 

Also: 184 million passwords leaked across Facebook, Google, more: What to know about this data breach

How to keep safe from SparkKitty

If you want to keep yourself protected from this (or any other) malware, there are a few steps you can take:

  • Go to your phone’s settings and check each app’s permissions. Revoke access to camera, photos, storage, and accessibility features unless the app needs it (for example, a wallpaper app doesn’t need access to your files). 
  • Only install apps from official app stores like the Google Play and the App Store (but even then, be aware that malware can slip through, as SparkKitty did).
  • Don’t save screenshots of sensitive information, such as IDs, passports, crypto wallets, seed phrases, passwords, and two-factor authentication backup codes. Either delete this data or move the screenshots to a password-protected folder.

READ MORE HERE