Malware With Screen Reading Code Found in iOS Apps for the First Time

by

Malware that includes code for reading the contents of screenshots has been found in suspicious App Store apps for the first time, according to a report from Kaspersky.

iOS App Store General Feature Desaturated
Dubbed "SparkCat," the malware includes OCR capabilities for sussing out sensitive information that an iPhone user has taken a screenshot of. The apps that Kaspersky discovered are aimed at locating recovery phrases for crypto wallets, which would allow attackers to steal bitcoin and other cryptocurrency.

The apps include a malicious module that uses an OCR plug-in created with Google's ML Kit library to recognize text found inside images on an ‌iPhone‌. When a relevant image of a crypto wallet is located, it is sent to a server accessed by the attacker.

According to Kaspersky, SparkCat has been active since around March 2024. Similar malware was discovered in 2023 that targeted Android and PC devices, but it has now spread to iOS. Kaspersky located several ‌App Store‌ apps with OCR spyware, including ComeCome, WeTink, and AnyGPT, but it is not clear if the infection was a "deliberate action by the developers" or the "result of a supply chain attack."

The infected apps ask for permission to access a user's photos after being downloaded, and if granted permission, use the OCR functionality to sort through images looking for relevant text. Several of the apps are still in the ‌App Store‌, and seem to be targeting iOS users in Europe and Asia.

While the apps are aimed at stealing crypto information, Kaspersky says that the malware is flexible enough that it could also be used to access other data captured in screenshots, like passwords. Android apps are impacted as well, including apps from the Google Play Store, but iOS users often expect their devices to be malware resistant.

Apple checks over every app in the ‌App Store‌, and a malicious app marks a failure of Apple's app review process. In this case, there does not appear to be an obvious indication of a trojan in the app, and the permissions that it requests appear to be needed for core functionality.

Kaspersky suggests that users should avoid storing screenshots with sensitive information like crypto wallet recovery phases in their Photo Library to stay safe from this kind of attack.

A full list of iOS frameworks that are infected is available on the Kaspersky website, along with more information about the malware.

Tags: App Store, Malware

Popular Stories

App Store vs EU Feature 2

Apple Says It Doesn't Approve of EU Porn App

Monday February 3, 2025 1:15 pm PST by
Apple does not approve of the "Hot Tub" pornography app that was released for the iPhone in the EU using alternative app distribution, Apple said in a statement to MacRumors. Further, Apple is concerned about the potential user safety risks with a pornography app, and says that it undermines consumer trust in the Apple ecosystem. We are deeply concerned about the safety risks that hardcore...
Read Full Article441 comments
General Apple Invites Feature

Apple Launches New 'Invites' App

Tuesday February 4, 2025 8:00 am PST by
Apple today announced the launch of a new app called "Invites," which is designed to allow users to plan events like birthday parties, graduations, vacations, baby showers, and more. "With Apple Invites, an event comes to life from the moment the invitation is created, and users can share lasting memories even after they get together," said Brent Chiu-Watson, Apple's senior director of...
Read Full Article270 comments
apple power beats pro 2

Apple Expected to Announce Powerbeats Pro 2 on February 11 With These New Features

Sunday February 2, 2025 6:15 am PST by
Apple previously teased that Powerbeats Pro 2 would be released in 2025, and now an announcement date has leaked. Bloomberg's Mark Gurman today said Apple plans to unveil the wireless earbuds on Tuesday, February 11. Powerbeats Pro 2 will be priced at $250 in the U.S., he said. Powerbeats Pro are a sportier, fitness-focused alternative to AirPods Pro with built-in, adjustable ear hooks...
Read Full Article44 comments
applecare apple care banner

AppleCare+ Policy Change Coming to Apple Stores

Sunday February 2, 2025 8:34 am PST by
Starting next week, Apple's retail stores will no longer offer AppleCare+ plans as a one-time purchase, according to Bloomberg's Mark Gurman. Instead, he said the stores will only offer AppleCare+ as a subscription. For example, AppleCare+ for the iPhone 16 Pro Max costs $9.99 per month, or $199 upfront for two years. The latter option would no longer be available at Apple's stores....
Read Full Article147 comments
applecare apple care banner

Apple Raises Monthly AppleCare+ Subscription Price for All iPhones

Tuesday February 4, 2025 9:35 am PST by
Apple this week increased the prices for its monthly AppleCare+ subscription prices for the iPhone, raising the cost by 50 cents for all models in the United States. Standard AppleCare+ for the iPhone 16 models is now priced at $10.49 per month, for example, up from the prior $9.99 per month price. The 50 cent price increase applies to all available AppleCare+ plans for Apple's current...
Read Full Article128 comments
iCloud General Feature Redux

Apple May Launch New iCloud Invite Tool Codenamed 'Confetti' This Week

Sunday February 2, 2025 6:42 am PST by
As early as this week, Apple plans to introduce a new iCloud-based service for event invites, according to Bloomberg's Mark Gurman. In his Power On newsletter, Gurman said the new service is codenamed "Confetti" within Apple. He said the service will offer users a "new way to invite people to parties, functions, and meetings." He did not say if this functionality would be available through a ...
Read Full Article71 comments
iPhone 17 Pro Dual Tone Horizontal 1

iPhone 17 Pro Launching This Year With These 8 New Features

Tuesday January 28, 2025 11:48 am PST by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. iPhone 17 Pro concept based on rumors Below, we recap key changes rumored for the iPhone 17 Pro models as of January 2025: More aluminum: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models ...
Read Full Article
iCloud General Feature Redux

'Apple Invites' Leaked on iCloud Website

Tuesday February 4, 2025 7:11 am PST by
Update: The new Apple Invites app has officially been announced. The main iCloud.com page has seemingly confirmed Apple's rumored invites tool, which has yet to be officially announced by the company. The page says "Apple Invites" will be an iCloud+ feature:Upgrade to iCloud+ to get more storage, plan events with Apple Invites, and have peace of mind with privacy features like iCloud...
Read Full Article28 comments

Top Rated Comments

sw1tcher Avatar
sw1tcher
3 hours ago at 12:51 pm

Malware that includes code for reading the contents of screenshots has been found in suspicious App Store apps for the first time, according to a report from Kaspersky.

Kaspersky located several App Store apps with OCR spyware, including ComeCome, WeTink, and AnyGPT...
See. This is what happens when you allow 3rd party app stores.

What's that? This was found on Apple's App Store? ?
Score: 19 Votes (Like | Disagree)
sniffies Avatar
sniffies
3 hours ago at 12:49 pm
I wish Apple Intelligence were intelligent enough to detect and exterminate malware.

But we have genmoji. Yay.
Score: 15 Votes (Like | Disagree)
GMShadow Avatar
GMShadow
2 hours ago at 01:09 pm

"Apple checks over every app in the App Store. . . ."

They'd like you to think that, but no they do NOT check every app. Apple are more interested in nanny rules than real security rules. That is not to say they won't fix this, because they almost always respond after the fact when the media holds them accountable.

That is exactly why there is no such thing as "security by obscurity." And also why 3rd party App stores should be allowed. There is no additional security provided by Apple's walled garden. Marketing at its finest.
Those of us who weren't born yesterday know they used to run deeper checks, and developers and the media screamed about how it took too long, and how Apple was evil, and how they needed to be regulated.

So they gave people what they demanded - faster screening times. And now we get this, and people still complain, because people who don't understand anything scream the loudest about everything.
Score: 14 Votes (Like | Disagree)
nt5672 Avatar
nt5672
3 hours ago at 01:01 pm
"Apple checks over every app in the App Store. . . ."

They'd like you to think that, but no they do NOT check every app. Apple are more interested in nanny rules than real security rules. That is not to say they won't fix this, because they almost always respond after the fact when the media holds them accountable.

That is exactly why there is no such thing as "security by obscurity." And also why 3rd party App stores should be allowed. There is no additional security provided by Apple's walled garden. Marketing at its finest.
Score: 7 Votes (Like | Disagree)
Aeronauts Avatar
Aeronauts
2 hours ago at 01:40 pm

How's that walled garden working for you Apple? ?
I think we all know the walled garden is there to increase their profits rather protect their customers.
Score: 7 Votes (Like | Disagree)
nt5672 Avatar
nt5672
2 hours ago at 01:16 pm

Those of us who weren't born yesterday know they used to run deeper checks, and developers and the media screamed about how it took too long, and how Apple was evil, and how they needed to be regulated.
Having Apps in the App Store since the beginning I will never believe the earlier delays were for deeper checks. The delay was because they wanted the developers to think there were deeper checks, but the times my apps were delayed were for stupid reasons and almost always because the reviewer had no idea what they were doing.
Score: 6 Votes (Like | Disagree)
Read All Comments