Coin WorldTuesday, Jun 24, 2025 9:28 am ET

1min read

Kaspersky, a cybersecurity firm, recently disclosed the discovery of a new virus named SparkKitty, which specifically targets cryptocurrency users by stealing their mnemonic phrases. The malware is spread through two applications, one of which is named "Coin Coin." This application was previously available on the App Store and was disguised as a crypto information tracker.

In response to the revelation, Coin Coin acknowledged the integration of a third-party SDK provided by an exchange platform. However, the company emphasized that the high-risk features related to photo library access and image uploading within that SDK were disabled from the outset and were never activated or triggered. This ensured that user data remained secure. Coin Coin's technical team identified suspicious behavior in the SDK that attempted to prompt users to grant photo library access and upload photos. As a precautionary measure, they completely blocked the uploading function through the interface to prevent the execution of any potential risk features.

Coin Coin has since initiated a comprehensive code security review and has committed to enhancing the evaluation of third-party SDKs and conducting thorough background checks on partners. This proactive approach aims to prevent similar incidents from occurring in the future and to maintain the security and trust of its users.