Malware With Screen Reading Code Found in iOS Apps for the First Time

by

Malware that includes code for reading the contents of screenshots has been found in suspicious App Store apps for the first time, according to a report from Kaspersky.

iOS App Store General Feature Desaturated
Dubbed "SparkCat," the malware includes OCR capabilities for sussing out sensitive information that an iPhone user has taken a screenshot of. The apps that Kaspersky discovered are aimed at locating recovery phrases for crypto wallets, which would allow attackers to steal bitcoin and other cryptocurrency.

The apps include a malicious module that uses an OCR plug-in created with Google's ML Kit library to recognize text found inside images on an ‌iPhone‌. When a relevant image of a crypto wallet is located, it is sent to a server accessed by the attacker.

According to Kaspersky, SparkCat has been active since around March 2024. Similar malware was discovered in 2023 that targeted Android and PC devices, but it has now spread to iOS. Kaspersky located several ‌App Store‌ apps with OCR spyware, including ComeCome, WeTink, and AnyGPT, but it is not clear if the infection was a "deliberate action by the developers" or the "result of a supply chain attack."

The infected apps ask for permission to access a user's photos after being downloaded, and if granted permission, use the OCR functionality to sort through images looking for relevant text. Several of the apps are still in the ‌App Store‌, and seem to be targeting iOS users in Europe and Asia.

While the apps are aimed at stealing crypto information, Kaspersky says that the malware is flexible enough that it could also be used to access other data captured in screenshots, like passwords. Android apps are impacted as well, including apps from the Google Play Store, but iOS users often expect their devices to be malware resistant.

Apple checks over every app in the ‌App Store‌, and a malicious app marks a failure of Apple's app review process. In this case, there does not appear to be an obvious indication of a trojan in the app, and the permissions that it requests appear to be needed for core functionality.

Kaspersky suggests that users should avoid storing screenshots with sensitive information like crypto wallet recovery phases in their Photo Library to stay safe from this kind of attack.

A full list of iOS frameworks that are infected is available on the Kaspersky website, along with more information about the malware.

Tags: App Store, Malware

Popular Stories

Google maps feaure

Google Maps Quietly Added This Long-Overdue Feature for Drivers

Wednesday December 10, 2025 2:52 am PST by
Google Maps on iOS quietly gained a new feature recently that automatically recognizes where you've parked your vehicle and saves the location for you. Announced on LinkedIn by Rio Akasaka, Google Maps' senior product manager, the new feature auto-detects your parked location even if you don't use the parking pin function, saves it for up to 48 hours, and then automatically removes it once...
Read Full Article39 comments
Foldable iPhone 2023 Feature 1

Apple to Make More Foldable iPhones Than Expected [Updated]

Tuesday December 9, 2025 9:59 am PST by
Apple has ordered 22 million OLED panels from Samsung Display for the first foldable iPhone, signaling a significantly larger production target than the display industry had previously anticipated, ET News reports. In the now-seemingly deleted report, ET News claimed that Samsung plans to mass-produce 11 million inward-folding OLED displays for Apple next year, as well as 11 million...
Read Full Article110 comments
iOS 26

15 New Things Your iPhone Can Do in iOS 26.2

Friday December 5, 2025 9:40 am PST by
Apple is about to release iOS 26.2, the second major point update for iPhones since iOS 26 was rolled out in September, and there are at least 15 notable changes and improvements worth checking out. We've rounded them up below. Apple is expected to roll out iOS 26.2 to compatible devices sometime between December 8 and December 16. When the update drops, you can check Apple's servers for the ...
Read Full Article53 comments
iOS 26

iOS 26.2 Coming Soon With These 8 New Features on Your iPhone

Thursday December 11, 2025 8:49 am PST by
Apple seeded the second iOS 26.2 Release Candidate to developers earlier this week, meaning the update will be released to the general public very soon. Apple confirmed iOS 26.2 would be released in December, but it did not provide a specific date. We expect the update to be released by early next week. iOS 26.2 includes a handful of new features and changes on the iPhone, such as a new...
Read Full Article72 comments
iPhone 14 Pro Dynamic Island

iPhone 18 Pro Leak Adds New Evidence for Under-Display Face ID

Monday December 8, 2025 4:54 am PST by
Apple is actively testing under-screen Face ID for next year's iPhone 18 Pro models using a special "spliced micro-transparent glass" window built into the display, claims a Chinese leaker. According to "Smart Pikachu," a Weibo account that has previously shared accurate supply-chain details on Chinese Android hardware, Apple is testing the special glass as a way to let the TrueDepth...
Read Full Article79 comments
iOS 26

Apple Seeds Second iOS 26.2 Release Candidate to Developers and Public Beta Testers

Monday December 8, 2025 10:18 am PST by
Apple today seeded the second release candidate version of iOS 26.2 to developers and public beta testers, with the software coming one week after Apple seeded the first RC. The release candidate represents the final version iOS 26.2 that will be provided to the public if no further bugs are found. Registered developers and public beta testers can download the betas from the Settings app on...
Read Full Article62 comments
iPhone 17 Pro Cosmic Orange

10 Reasons to Wait for Next Year's iPhone 18 Pro

Monday December 1, 2025 2:40 am PST by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models at the same time, which is why we often get rumored features months ahead of launch. The iPhone 18 series is no different, and we already have a good idea of what to expect for the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth...
Read Full Article107 comments
Johny Srouji

Apple's Chipmaking Chief Johny Srouji Responds to Report About Him Potentially Leaving

Monday December 8, 2025 9:23 am PST by
Apple's chipmaking chief Johny Srouji has reportedly indicated that he plans to continue working for the company for the foreseeable future. "I love my team, and I love my job at Apple, and I don't plan on leaving anytime soon," said Srouji, in a memo obtained by Bloomberg's Mark Gurman. Here is Srouji's full memo, as shared by Bloomberg:I know you've been reading all kind of rumors and...
Read Full Article96 comments
AirPods Pro Firmware Feature

Apple Releases New Firmware for AirPods Pro 2 and AirPods Pro 3

Thursday December 11, 2025 11:28 am PST by
Apple today released new firmware designed for the AirPods Pro 3 and the prior-generation AirPods Pro 2. The AirPods Pro 3 firmware is 8B30, up from 8B25, while the AirPods Pro 2 firmware is 8B28, up from 8B21. There's no word on what's include in the updated firmware, but the AirPods Pro 2 and AirPods Pro 3 are getting expanded support for Live Translation in the European Union in iOS...
Read Full Article20 comments
ipad blue prime day

iPad 12 Rumored to Get iPhone 17's A19 Chip, Breaking Apple Tradition

Wednesday December 10, 2025 12:22 pm PST by
The next-generation low-cost iPad will use Apple's A19 chip, according to a report from Macworld. Macworld claims to have seen an "internal Apple code document" with information about the 2026 iPad lineup. Prior documentation discovered by MacRumors suggested that the iPad 12 would be equipped with an A18 chip, not an A19 chip. The A19 chip was just released this year in the iPhone 17, and...
Read Full Article67 comments

Top Rated Comments

sw1tcher Avatar
sw1tcher
11 months ago

Malware that includes code for reading the contents of screenshots has been found in suspicious App Store apps for the first time, according to a report from Kaspersky.

Kaspersky located several App Store apps with OCR spyware, including ComeCome, WeTink, and AnyGPT...
See. This is what happens when you allow 3rd party app stores.

What's that? This was found on Apple's App Store? ?
Score: 45 Votes (Like | Disagree)
sniffies Avatar
sniffies
11 months ago
I wish Apple Intelligence were intelligent enough to detect and exterminate malware.

But we have genmoji. Yay.
Score: 36 Votes (Like | Disagree)
GMShadow Avatar
GMShadow
11 months ago

"Apple checks over every app in the App Store. . . ."

They'd like you to think that, but no they do NOT check every app. Apple are more interested in nanny rules than real security rules. That is not to say they won't fix this, because they almost always respond after the fact when the media holds them accountable.

That is exactly why there is no such thing as "security by obscurity." And also why 3rd party App stores should be allowed. There is no additional security provided by Apple's walled garden. Marketing at its finest.
Those of us who weren't born yesterday know they used to run deeper checks, and developers and the media screamed about how it took too long, and how Apple was evil, and how they needed to be regulated.

So they gave people what they demanded - faster screening times. And now we get this, and people still complain, because people who don't understand anything scream the loudest about everything.
Score: 26 Votes (Like | Disagree)
nt5672 Avatar
nt5672
11 months ago
"Apple checks over every app in the App Store. . . ."

They'd like you to think that, but no they do NOT check every app. Apple are more interested in nanny rules than real security rules. That is not to say they won't fix this, because they almost always respond after the fact when the media holds them accountable.

That is exactly why there is no such thing as "security by obscurity." And also why 3rd party App stores should be allowed. There is no additional security provided by Apple's walled garden. Marketing at its finest.
Score: 21 Votes (Like | Disagree)
Mrkevinfinnerty Avatar
Mrkevinfinnerty
11 months ago
Impossible. Apple would not approve an app unsafe for the kids. ?
Score: 13 Votes (Like | Disagree)
mdnz Avatar
mdnz
11 months ago

See. This is what happens when you allow 3rd party app stores.

What's that? This was found on Apple's App Store? ?
You mean.... restricting 3rd party app stores was for Apple's bottom line all along? Nooooo they would never do that!
Score: 13 Votes (Like | Disagree)
Read All Comments