Malware With Screen Reading Code Found in iOS Apps for the First Time

by

Malware that includes code for reading the contents of screenshots has been found in suspicious App Store apps for the first time, according to a report from Kaspersky.

iOS App Store General Feature Desaturated
Dubbed "SparkCat," the malware includes OCR capabilities for sussing out sensitive information that an iPhone user has taken a screenshot of. The apps that Kaspersky discovered are aimed at locating recovery phrases for crypto wallets, which would allow attackers to steal bitcoin and other cryptocurrency.

The apps include a malicious module that uses an OCR plug-in created with Google's ML Kit library to recognize text found inside images on an ‌iPhone‌. When a relevant image of a crypto wallet is located, it is sent to a server accessed by the attacker.

According to Kaspersky, SparkCat has been active since around March 2024. Similar malware was discovered in 2023 that targeted Android and PC devices, but it has now spread to iOS. Kaspersky located several ‌App Store‌ apps with OCR spyware, including ComeCome, WeTink, and AnyGPT, but it is not clear if the infection was a "deliberate action by the developers" or the "result of a supply chain attack."

The infected apps ask for permission to access a user's photos after being downloaded, and if granted permission, use the OCR functionality to sort through images looking for relevant text. Several of the apps are still in the ‌App Store‌, and seem to be targeting iOS users in Europe and Asia.

While the apps are aimed at stealing crypto information, Kaspersky says that the malware is flexible enough that it could also be used to access other data captured in screenshots, like passwords. Android apps are impacted as well, including apps from the Google Play Store, but iOS users often expect their devices to be malware resistant.

Apple checks over every app in the ‌App Store‌, and a malicious app marks a failure of Apple's app review process. In this case, there does not appear to be an obvious indication of a trojan in the app, and the permissions that it requests appear to be needed for core functionality.

Kaspersky suggests that users should avoid storing screenshots with sensitive information like crypto wallet recovery phases in their Photo Library to stay safe from this kind of attack.

A full list of iOS frameworks that are infected is available on the Kaspersky website, along with more information about the malware.

Tags: App Store, Malware

Popular Stories

Alleged iOS 19 Icons Front Page Tech

iOS 19 Leak Reveals Alleged New Design With Rounder App Icons, Floating Tab Bar, and More

Monday April 7, 2025 3:13 pm PDT by
YouTube channel Front Page Tech is back today with another video that provides a closer look at iOS 19's alleged design changes. The video contains re-created renders of iOS 19, which are allegedly based on real footage of the software update, provided by sources within Apple. Overall, iOS 19 is expected to have a more glass-like, visionOS-inspired design, with added translucency for user...
Read Full Article236 comments
iPhone 17 Pro 3 4ths Perspective Aluminum Camera Module 1

iPhone 17 Pro's New Rear Camera Bar 'Same Color As Rest of Device'

Monday April 7, 2025 2:09 am PDT by
Apple's upcoming iPhone 17 Pro models will feature a redesigned rear camera panel that spans the width of the device, but it will be the same color as the iPhone itself, rather than being part of a two-tone design. That's according to Bloomberg's Mark Gurman. Writing in his latest Power On newsletter, the reporter says the iPhone 17 Pro won't have a two-toned back, as some renders have...
Read Full Article64 comments
iphone x front back

Apple Planning 'Bold' New 20th Anniversary Design for 2027 iPhone Pro

Monday April 7, 2025 2:46 am PDT by
Apple is preparing a "major shake-up" for the iPhone's 20th anniversary in 2027, according to Bloomberg's Mark Gurman. iPhone X released in 2017 for 10th anniversary Writing in his latest Power On newsletter, Gurman says that Apple plans to launch a foldable iPhone alongside a "bold" new iPhone Pro model that makes more extensive use of glass. Could this mean Apple plans to realize former...
Read Full Article91 comments
iOS 18 Siri Personal Context

Report Reveals Internal Chaos Behind Apple's Siri Failure

Thursday April 10, 2025 7:15 am PDT by
A new report from The Information today reveals much of the internal turmoil behind Apple Intelligence's revamped version of Siri. Apple apparently weighed up multiple options for the backend of Apple Intelligence. One initial idea was to build both small and large language models, dubbed "Mini Mouse" and "Mighty Mouse," to run locally on iPhones and in the cloud, respectively. Siri's...
Read Full Article227 comments
iPhone Assembly

Trump Believes Apple Could Manufacture iPhones in the U.S.

Tuesday April 8, 2025 12:08 pm PDT by
U.S. President Donald Trump "absolutely" believes that Apple could manufacture its iPhones and other devices in the United States, Press Secretary Karoline Leavitt said today during a media briefing. Leavitt was asked whether Trump thought that iPhone manufacturing is the kind of technology that could move to the U.S. "Absolutely, he believes we have the labor, we have the workforce, we have ...
Read Full Article591 comments
iPhone 17 Pro 3 4ths Perspective Aluminum Camera Module 1

5 Biggest Changes Rumored for iPhone 17 Pro

Tuesday April 8, 2025 2:38 am PDT by
Later this year, Apple will introduce the iPhone 17 series, which includes the iPhone 17 Pro and the iPhone 17 Pro Max, two new high-end flagship devices that will be sold alongside the regular iPhone 17 and an all-new ultra-thin iPhone 17 Air. If you have been holding out for the iPhone 17 Pro or its bigger sibling, here are five of the biggest changes, informed by the latest reports and...
Read Full Article81 comments
iphone 16 pro colors 1

Is Now the Time to Upgrade Apple Devices Before Tariffs Lead to Price Increases?

Friday April 4, 2025 3:41 pm PDT by
If you have an older Apple device that you've been considering upgrading, you're probably wondering how the newly announced tariffs might impact prices going forward, and whether it's worth buying now before there's a price hike. Given analyst and economist responses to the tariffs, market panic, and Trump's stance on the current financial chaos, the answer is that making a purchase...
Read Full Article660 comments
iPhone 17 Pro 3 4ths Perspective Aluminum Camera Module 1

iPhone 17 Pro Models Rumored to Offer Dual Video Recording Feature in Camera App

Tuesday April 8, 2025 7:23 am PDT by
YouTube channel Front Page Tech on Monday shared renders of iOS 19's alleged new design. The end of the video also revealed a new feature that is supposedly planned for the iPhone 17 Pro models later this year: dual video recording. According to Front Page Tech host Jon Prosser, the iPhone 17 Pro and iPhone 17 Pro Max will allow users to record video with the front and rear cameras...
Read Full Article46 comments
iOS 18

iOS 18.4.1 Update Coming Soon for iPhones

Wednesday April 9, 2025 8:56 am PDT by
Apple employees are testing iOS 18.4.1 for iPhones, according to the MacRumors visitor logs, which have been a reliable indicator of upcoming iOS versions. The software update will likely be released in a week or two, if not sooner. As the version number implies, iOS 18.4.1 will obviously be a minor update that addresses software bugs and/or security vulnerabilities. There are no...
Read Full Article21 comments

Top Rated Comments

sw1tcher Avatar
sw1tcher
9 weeks ago

Malware that includes code for reading the contents of screenshots has been found in suspicious App Store apps for the first time, according to a report from Kaspersky.

Kaspersky located several App Store apps with OCR spyware, including ComeCome, WeTink, and AnyGPT...
See. This is what happens when you allow 3rd party app stores.

What's that? This was found on Apple's App Store? ?
Score: 45 Votes (Like | Disagree)
sniffies Avatar
sniffies
9 weeks ago
I wish Apple Intelligence were intelligent enough to detect and exterminate malware.

But we have genmoji. Yay.
Score: 36 Votes (Like | Disagree)
GMShadow Avatar
GMShadow
9 weeks ago

"Apple checks over every app in the App Store. . . ."

They'd like you to think that, but no they do NOT check every app. Apple are more interested in nanny rules than real security rules. That is not to say they won't fix this, because they almost always respond after the fact when the media holds them accountable.

That is exactly why there is no such thing as "security by obscurity." And also why 3rd party App stores should be allowed. There is no additional security provided by Apple's walled garden. Marketing at its finest.
Those of us who weren't born yesterday know they used to run deeper checks, and developers and the media screamed about how it took too long, and how Apple was evil, and how they needed to be regulated.

So they gave people what they demanded - faster screening times. And now we get this, and people still complain, because people who don't understand anything scream the loudest about everything.
Score: 26 Votes (Like | Disagree)
nt5672 Avatar
nt5672
9 weeks ago
"Apple checks over every app in the App Store. . . ."

They'd like you to think that, but no they do NOT check every app. Apple are more interested in nanny rules than real security rules. That is not to say they won't fix this, because they almost always respond after the fact when the media holds them accountable.

That is exactly why there is no such thing as "security by obscurity." And also why 3rd party App stores should be allowed. There is no additional security provided by Apple's walled garden. Marketing at its finest.
Score: 21 Votes (Like | Disagree)
Mrkevinfinnerty Avatar
Mrkevinfinnerty
9 weeks ago
Impossible. Apple would not approve an app unsafe for the kids. ?
Score: 13 Votes (Like | Disagree)
mdnz Avatar
mdnz
9 weeks ago

See. This is what happens when you allow 3rd party app stores.

What's that? This was found on Apple's App Store? ?
You mean.... restricting 3rd party app stores was for Apple's bottom line all along? Nooooo they would never do that!
Score: 13 Votes (Like | Disagree)
Read All Comments