JAKARTA - A new malware capable of reading the contents of screenshots has been found in a suspicious app on the App Store for the first time, according to a report from cybersecurity firm Kaspersky.

The malware, dubbed "SparkCat", uses Optical Character Recognition (OCR) to detect sensitive information stored in iPhone users' screenshots. Its main target is the crypto wallet recovery phrase, which, if stolen, allows hackers to take over crypto assets such as Bitcoin and other digital currencies.

According to Kaspersky, SparkCat has been active since March 2024. Previously, malware with similar capabilities was only found on Android and PC devices, but it has now spread to the iOS ecosystem.

Kaspersky found several applications on the App Store containing malicious modules with OCR spyware, including Come Come, WeTink, and AnyGPT. However, it is not clear whether the infection is a deliberate action by the developers or the result of a supply chain attack.

These applications request permission to access the user's Photos after download. If permission is granted, they use OCR to scan images for relevant text, especially text related to crypto wallets. Some of these applications are still available on the App Store and target users in Europe and Asia.

In addition to stealing crypto information, Kaspersky warns that this malware is flexible enough to extract other data in screenshots, including passwords or other sensitive information.

Apple is known for its strict security systems, where every app that enters the App Store is checked before approval. However, the presence of this malware signals a failure in Apple's app review process. In this case, the malware shows no direct signs of being a trojan, and the requested permission appears to be part of the app's primary function.

How To Avoid SparkCat Attacks

Kaspersky advises users not to keep screenshots containing sensitive information, especially crypto wallet recovery phrases, in their photo gallery.

A complete list of infected iOS frameworks as well as more information about this malware can be found on Kaspersky's website.

