In a startling revelation, cybersecurity firm Kaspersky has reported the discovery of malware in iOS and Android apps that uses Optical Character Recognition (OCR) technology to extract sensitive information from screenshots.
This marks the first known case of such malware infiltrating the Apple App Store, raising concerns about the safety of apps distributed through major platforms.
The Rise of “SparkCat” Malware
Dubbed “SparkCat,” the malware was first identified in late 2024, although its frameworks appear to have been created in March of that year.
The malware operates in a particularly stealthy manner: it activates when users attempt to use chat support within the infected app and requests permission to access the user’s photo gallery.
Once granted, the app employs Google OCR technology to scan images for text, specifically targeting screenshots containing cryptocurrency wallet passwords or recovery phrases.
How the Malware Works
Once the malicious app gains access to the user’s photos, it scans for screenshots that may contain critical financial information, such as cryptocurrency wallet details.
If such images are found, the malware transmits them back to the attackers, who can then use the information to steal from the affected wallets.
This method poses a significant threat, especially for cryptocurrency users who may rely on screenshots to save sensitive information.
Apps Affected and Ongoing Risk
Kaspersky has identified several apps involved in the campaign, including two AI chat apps named WeTink and AnyGPT, both of which appear to still be available on the App Store.
Additionally, a seemingly legitimate food delivery app called ComeCome was found to contain the same malicious code. These apps are still downloadable, leaving users at potential risk.
While Kaspersky has not definitively confirmed whether the malware was intentionally included by the app developers or if it was the result of a supply chain attack, the presence of such malware in widely available apps highlights a new security threat.
The use of OCR technology in this context is particularly concerning, as it allows attackers to bypass traditional security measures that typically protect users from malicious activities.
The Implications for App Store Security
The discovery of SparkCat raises important questions about app store security, particularly on platforms as widely used as Apple’s App Store and Google Play.
Despite Apple’s rigorous review process, malicious apps can still make their way through the system, potentially putting millions of users at risk. Both Apple and Google have yet to comment on the findings.
As cybersecurity threats evolve, so too must the defenses against them. This incident serves as a stark reminder that even trusted app stores are not immune to sophisticated malware campaigns, and users should remain vigilant about the apps they download.
Suggested Titles:
- “Malicious Screenshot-Reading Malware Found in iOS Apps for the First Time”
- “SparkCat Malware Targets Crypto Wallets Through iOS App Store Apps”
- “New Malware Uses OCR Technology to Steal Cryptocurrency from Screenshots in iOS Apps”
- “Kaspersky Uncovers First Known Screenshot-Reading Malware in iOS Apps”
- “”
- “iOS Apps with Hidden Screenshot-Reading Malware Exposed in New Cybersecurity Report”
- “SparkCat Malware in iOS Apps: A Threat to Your Cryptocurrency Wallet”
