The security landscape is changing as attackers and their malware become more sophisticated. In a new development, researchers at Kaspersky have discovered SparkCat, malware embedded in suspicious iOS App Store apps that can read the contents of screenshots.
SparkCat Malware Now Affects iOS Apps Through OCR Tech
The researchers identified a new iOS malware called “SparkCat”. It’s the first time such a threat has been found in suspicious App Store apps. This malware uses Optical Character Recognition (OCR) to scan screenshots for sensitive information. It particularly focuses on crypto wallet recovery phrases, allowing attackers to steal Bitcoin and other digital assets.
How the Malware Acts in iOS
The infected apps, including ComeCome, WeTink, and AnyGPT, contain a malicious module that leverages Google’s ML Kit OCR plug-in to analyze images. If a screenshot related to a crypto wallet is detected, the malware transmits the data to an attacker-controlled server. SparkCat has reportedly been active since March 2024, extending similar Android and PC-based attacks discovered in 2023 to iOS.
Once installed, these apps ask to access photos. If allowed, they scan images for important text, putting users at risk. Some of these apps are still in the App Store, mainly targeting people in Europe and Asia. While they focus on stealing crypto details, they could also grab other private data, like passwords.
iOS has historically been one of the most secure mobile operating systems, and Android has so far tended to be the biggest target for attackers. That is starting to change as attackers find more advanced ways to infiltrate Apple’s ecosystem.
Source: Giz China