
Kaspersky research says that malware capable of extracting sensitive information from screenshots has been discovered in apps on Apple’s App Store for the first time. The malware, dubbed "SparkCat," employs Optical Character Recognition (OCR) technology to scan and identify text within images stored on an iPhone.
The primary target appears to be recovery phrases for cryptocurrency wallets, potentially allowing attackers to steal Bitcoin and other digital assets. Kaspersky identified the malicious code in several apps, including WeTink, AnyGPT, and ComeCome, which are still available on the App Store.
The security firm, however, remains uncertain whether the infection was the result of a supply chain attack or a deliberate action by developers.
Once downloaded, these infected apps request access to users’ photo libraries, often disguised as a routine permission for chat support. If granted access, the app scans stored images using an OCR plug-in based on Google’s ML Kit library.
When a relevant image—such as a screenshot of a crypto wallet key—is detected, it is sent to a remote server controlled by the attackers.
The malware has reportedly been active since March 2024. It was initially found in Android and PC-based attacks but has now made its way to iOS devices. Security experts warn that the technology could also be used to steal other sensitive information captured in screenshots, such as passwords.