Malware With Screen Reading Code Found in iOS Apps for the First Time
2025-02-06
Posted by 3uTools

Dubbed "SparkCat," the malware includes optical character recognition (OCR) capabilities for picking out sensitive information in screenshots that an iPhone user has taken. The apps that Kaspersky discovered are aimed at locating recovery phrases for crypto wallets, which would allow attackers to steal bitcoin and other cryptocurrency.

The apps include a malicious module that uses an OCR plug-in created with Google's ML Kit library to recognize text found inside images on an iPhone. When a relevant image of a crypto wallet is located, it is sent to a server accessed by the attacker.

According to Kaspersky, SparkCat has been active since around March 2024. Similar malware was discovered in 2023 that targeted Android and PC devices, but it has now spread to iOS. Kaspersky located several App Store apps with OCR spyware, including ComeCome, WeTink, and AnyGPT, but it is not clear if the infection was a "deliberate action by the developers" or the "result of a supply chain attack."

The infected apps ask for permission to access a user's photos after being downloaded, and if granted permission, use the OCR functionality to sort through images looking for relevant text. Several of the apps are still in the App Store, and seem to be targeting iOS users in Europe and Asia.

While the apps are aimed at stealing crypto information, Kaspersky says that the malware is flexible enough that it could also be used to access other data captured in screenshots, like passwords. Android apps are impacted as well, including apps from the Google Play Store, but iOS users often expect their devices to be malware resistant.

Apple checks over every app in the App Store, and a malicious app marks a failure of Apple's app review process. In this case, there does not appear to be an obvious indication of a trojan in the app, and the permissions that it requests appear to be needed for core functionality.

Kaspersky suggests that users should avoid storing screenshots with sensitive information like crypto wallet recovery phrases in their Photo Library to stay safe from this kind of attack.

A full list of iOS frameworks that are infected is available on the Kaspersky website, along with more information about the malware.

Source: Macrumors