Most people expect their iPhones to be malware-resistant whenever they're downloading an app. And for decades, that has been the case due to Apple's walled garden. However, Kaspersky has found, for the first time, apps in the App Store that appear to be infected with malware that uses OCR technology to extract information from screenshots.
Such apps have been found in both the Apple App Store and the Google Play Store. Kaspersky said that the code for the malware, "SparkCat", has been active since March 2024.
The apps include malicious code that uses an OCR plug-in created with Google's ML Kit library to read text found on screenshots in an iPhone gallery. The main intent of this code is to find any recovery phrases for crypto wallets in images and transmit them back to the attacker. The attacker can then gain access to the crypto wallet and steal any bitcoins or other cryptocurrency.
If you've ever created a crypto wallet, you know that anyone can get access to your wallet using the recovery phrase (or seed phrase), which is shown when the wallet is created. The phrase is only shown once, and the app generally advises people to write it down and keep it somewhere safe. Unfortunately, many people store their phrases as screenshots in their gallery, believing it to be safe.
While the main intent of the code is to steal crypto passwords and phrases, it can also potentially identify other passwords and transmit that information.
The apps that Kaspersky found the malicious code in include AI chat apps, WeTink and AnyGPT, and a food delivery app, ComeCome. Notably, all three apps are still available on the App Store.
Kaspersky says it's unclear whether the code injection is a deliberate move from the developers or the result of a supply chain attack.
The app shows a request to gain access to the photo library whenever a user triggers a chat support action in the app. Then, the code keeps scanning for desired photos in the background once it gains access to the entire library.
As a general rule, try limiting any app's access to your photo library. Go to Settings > Privacy & Security > Photos and go through the list of apps that have full access to your Photos and limit their access.
You can find more information about the malware, including a full list of iOS frameworks that have been infected, on the Kaspersky website.