Malware With Screen Reading Code Found in iOS Apps for the First Time

Malware that includes code for reading the contents of screenshots has been found in suspicious App Store apps for the first time, according to a report from Kaspersky.

Dubbed "SparkCat," the malware includes OCR capabilities for sussing out sensitive information that an iPhone user has taken a screenshot of. The apps that Kaspersky discovered are aimed at locating recovery phrases for crypto wallets, which would allow attackers to steal bitcoin and other cryptocurrency.

The apps include a malicious module that uses an OCR plug-in created with Google's ML Kit library to recognize text found inside images on an iPhone. When a relevant image of a crypto wallet is located, it is sent to a server accessed by the attacker.

According to Kaspersky, SparkCat has been active since around March 2024. Similar malware was discovered in 2023 that targeted Android and PC devices, but it has now spread to iOS. Kaspersky located several App Store apps with OCR spyware, including ComeCome, WeTink, and AnyGPT, but it is not clear if the infection was a "deliberate action by the developers" or the "result of a supply chain attack."

The infected apps ask for permission to access a user's photos after being downloaded, and if granted permission, use the OCR functionality to sort through images looking for relevant text. Several of the apps are still in the App Store, and seem to be targeting iOS users in Europe and Asia.
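For teams that vet apps before allowing them on managed devices, the combination described above (a photo-library permission plus a bundled OCR component) can be checked on an unpacked app bundle. The following is an added example, not code from Kaspersky or the article; the `triage_app` helper, the bundle identifiers, the framework names and the name fragments it matches on are all assumptions made for illustration.

```python
import plistlib

PHOTO_KEY = "NSPhotoLibraryUsageDescription"  # Info.plist key behind the photo prompt
# Assumption: name fragments that suggest a bundled OCR component. They are a
# heuristic, not the infected framework names from Kaspersky's report.
OCR_HINTS = ("textrecognition", "ocr")


def triage_app(info_plist_bytes, framework_names):
    """Flag an unpacked app that both asks for photos and ships an OCR component."""
    info = plistlib.loads(info_plist_bytes)
    wants_photos = PHOTO_KEY in info
    ocr = sorted(
        name for name in framework_names
        if any(hint in name.lower() for hint in OCR_HINTS)
    )
    return {
        "bundle_id": info.get("CFBundleIdentifier", "<unknown>"),
        "photo_access": wants_photos,
        "ocr_frameworks": ocr,
        "review": wants_photos and bool(ocr),
    }


# Constructed sample data (hypothetical bundle ids and framework names).
CHAT_APP = plistlib.dumps({
    "CFBundleIdentifier": "com.example.chatapp",
    PHOTO_KEY: "Attach a photo to your support chat",
})
CHAT_FRAMEWORKS = ["Analytics.framework", "MLKitTextRecognition.framework"]

NOTES_APP = plistlib.dumps({
    "CFBundleIdentifier": "com.example.notes",
    PHOTO_KEY: "Insert pictures into notes",
})
NOTES_FRAMEWORKS = ["Analytics.framework", "Markdown.framework"]

if __name__ == "__main__":
    for plist, fws in ((CHAT_APP, CHAT_FRAMEWORKS), (NOTES_APP, NOTES_FRAMEWORKS)):
        print(triage_app(plist, fws))
```

A hit is a prompt for closer review, not a verdict: many legitimate apps read photos and ship OCR, and in the cases reported here the requested permission appeared to be needed for core functionality.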

While the apps are aimed at stealing crypto information, Kaspersky says that the malware is flexible enough that it could also be used to access other data captured in screenshots, like passwords. Android apps are impacted as well, including apps from the Google Play Store, but iOS users often expect their devices to be malware resistant.

Apple checks over every app in the App Store, and a malicious app marks a failure of Apple's app review process. In this case, there does not appear to be an obvious indication of a trojan in the app, and the permissions that it requests appear to be needed for core functionality.

Kaspersky suggests that users should avoid storing screenshots with sensitive information like crypto wallet recovery phrases in their Photo Library to stay safe from this kind of attack.

A full list of iOS frameworks that are infected is available on the Kaspersky website, along with more information about the malware.

Top Rated Comments

sw1tcher
5 weeks ago

Malware that includes code for reading the contents of screenshots has been found in suspicious App Store apps for the first time, according to a report from Kaspersky.

Kaspersky located several App Store apps with OCR spyware, including ComeCome, WeTink, and AnyGPT...
See. This is what happens when you allow 3rd party app stores.

What's that? This was found on Apple's App Store? ?
Score: 45 Votes
sniffies
5 weeks ago
I wish Apple Intelligence were intelligent enough to detect and exterminate malware.

But we have genmoji. Yay.
Score: 36 Votes
GMShadow
5 weeks ago

"Apple checks over every app in the App Store. . . ."

They'd like you to think that, but no they do NOT check every app. Apple are more interested in nanny rules than real security rules. That is not to say they won't fix this, because they almost always respond after the fact when the media holds them accountable.

That is exactly why there is no such thing as "security by obscurity." And also why 3rd party App stores should be allowed. There is no additional security provided by Apple's walled garden. Marketing at its finest.
Those of us who weren't born yesterday know they used to run deeper checks, and developers and the media screamed about how it took too long, and how Apple was evil, and how they needed to be regulated.

So they gave people what they demanded - faster screening times. And now we get this, and people still complain, because people who don't understand anything scream the loudest about everything.
Score: 26 Votes
nt5672
5 weeks ago
"Apple checks over every app in the App Store. . . ."

They'd like you to think that, but no they do NOT check every app. Apple are more interested in nanny rules than real security rules. That is not to say they won't fix this, because they almost always respond after the fact when the media holds them accountable.

That is exactly why there is no such thing as "security by obscurity." And also why 3rd party App stores should be allowed. There is no additional security provided by Apple's walled garden. Marketing at its finest.
Score: 21 Votes
Mrkevinfinnerty
5 weeks ago
Impossible. Apple would not approve an app unsafe for the kids. ?
Score: 13 Votes
mdnz
5 weeks ago

See. This is what happens when you allow 3rd party app stores.

What's that? This was found on Apple's App Store? ?
You mean.... restricting 3rd party app stores was for Apple's bottom line all along? Nooooo they would never do that!
Score: 13 Votes