Malware With Screen Reading Code Found in iOS Apps for the First Time

by

Malware that includes code for reading the contents of screenshots has been found in suspicious App Store apps for the first time, according to a report from Kaspersky.

iOS App Store General Feature Desaturated
Dubbed "SparkCat," the malware includes OCR capabilities for sussing out sensitive information that an iPhone user has taken a screenshot of. The apps that Kaspersky discovered are aimed at locating recovery phrases for crypto wallets, which would allow attackers to steal bitcoin and other cryptocurrency.

The apps include a malicious module that uses an OCR plug-in created with Google's ML Kit library to recognize text found inside images on an ‌iPhone‌. When a relevant image of a crypto wallet is located, it is sent to a server accessed by the attacker.

According to Kaspersky, SparkCat has been active since around March 2024. Similar malware was discovered in 2023 that targeted Android and PC devices, but it has now spread to iOS. Kaspersky located several ‌App Store‌ apps with OCR spyware, including ComeCome, WeTink, and AnyGPT, but it is not clear if the infection was a "deliberate action by the developers" or the "result of a supply chain attack."

The infected apps ask for permission to access a user's photos after being downloaded, and if granted permission, use the OCR functionality to sort through images looking for relevant text. Several of the apps are still in the ‌App Store‌, and seem to be targeting iOS users in Europe and Asia.

While the apps are aimed at stealing crypto information, Kaspersky says that the malware is flexible enough that it could also be used to access other data captured in screenshots, like passwords. Android apps are impacted as well, including apps from the Google Play Store, but iOS users often expect their devices to be malware resistant.

Apple checks over every app in the ‌App Store‌, and a malicious app marks a failure of Apple's app review process. In this case, there does not appear to be an obvious indication of a trojan in the app, and the permissions that it requests appear to be needed for core functionality.

Kaspersky suggests that users should avoid storing screenshots with sensitive information like crypto wallet recovery phases in their Photo Library to stay safe from this kind of attack.

A full list of iOS frameworks that are infected is available on the Kaspersky website, along with more information about the malware.

Tags: App Store, Malware

Popular Stories

Apple Watch Ultra Night Mode Screen

Apple Watch Ultra 3 Launching Later This Year With Two Key Upgrades

Wednesday July 2, 2025 1:13 pm PDT by
The long wait for an Apple Watch Ultra 3 appears to be nearly over, and it is rumored to feature both satellite connectivity and 5G support. Apple Watch Ultra's existing Night Mode In his latest Power On newsletter, Bloomberg's Mark Gurman said that the Apple Watch Ultra 3 is on track to launch this year with "significant" new features, including satellite connectivity, which would let you...
Read Full Article96 comments
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Coming Soon With These 14 New Features

Friday July 4, 2025 1:05 pm PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are just over two months away, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models. Latest Rumors These rumors surfaced in June and July:Apple logo repositioned: Apple's logo may have a lower position on the back of the iPhone 17 Pro models, compared to previous...
Read Full Article52 comments
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Max Battery Capacity Leaked

Thursday July 3, 2025 5:40 am PDT by
The iPhone 17 Pro Max will feature the biggest ever battery in an iPhone, according to the Weibo leaker known as "Instant Digital." In a new post, the leaker listed the battery capacities of the iPhone 11 Pro Max through to the iPhone 16 Pro Max, and added that the iPhone 17 Pro Max will feature a battery capacity of 5,000mAh: iPhone 11 Pro Max: 3,969mAh iPhone 12 Pro Max: 3,687mAh...
Read Full Article114 comments
airpods pro 2

AirPods Pro 3 to Help Maintain Apple's Place in Earbud Market Amid Increasing Low-Cost Competition

Thursday July 3, 2025 7:25 am PDT by
Apple's position as the dominant force in the global true wireless stereo (TWS) earbud market is expected to continue through 2025, according to Counterpoint Research. The forecast outlines a 3% year-over-year increase in global TWS unit shipments for 2025, signaling a transition from rapid growth to a more mature phase for the category. While Apple is set to remain the leading brand by...
Read Full Article33 comments
apple silicon mac lineup 2024 feature purple m5

Apple's Upcoming Macs Listed in New Report

Thursday July 3, 2025 9:09 am PDT by
AppleInsider's Marko Zivkovic today shared a list of alleged identifiers for future Mac models, which should roll out over the next year or so. The report does not reveal anything too surprising, but it does serve as further evidence that Apple is seemingly working on new models of every Mac, including the MacBook Air, MacBook Pro, iMac, Mac mini, Mac Studio, and Mac Pro. Apple is...
Read Full Article80 comments
iPhone 17 Pro Lower Logo Magsafe

iPhone 17 Pro's New MagSafe Design Revealed in Leaked Photo

Wednesday July 2, 2025 8:37 am PDT by
The upcoming iPhone 17 Pro and iPhone 17 Pro Max are rumored to have a slightly different MagSafe magnet layout compared to existing iPhone models, and a leaked photo has offered a closer look at the supposed new design. The leaker Majin Bu today shared a photo of alleged MagSafe magnet arrays for third-party iPhone 17 Pro cases. On existing iPhone models with MagSafe, the magnets form a...
Read Full Article77 comments

Top Rated Comments

sw1tcher Avatar
sw1tcher
21 weeks ago

Malware that includes code for reading the contents of screenshots has been found in suspicious App Store apps for the first time, according to a report from Kaspersky.

Kaspersky located several App Store apps with OCR spyware, including ComeCome, WeTink, and AnyGPT...
See. This is what happens when you allow 3rd party app stores.

What's that? This was found on Apple's App Store? ?
Score: 45 Votes (Like | Disagree)
sniffies Avatar
sniffies
21 weeks ago
I wish Apple Intelligence were intelligent enough to detect and exterminate malware.

But we have genmoji. Yay.
Score: 36 Votes (Like | Disagree)
GMShadow Avatar
GMShadow
21 weeks ago

"Apple checks over every app in the App Store. . . ."

They'd like you to think that, but no they do NOT check every app. Apple are more interested in nanny rules than real security rules. That is not to say they won't fix this, because they almost always respond after the fact when the media holds them accountable.

That is exactly why there is no such thing as "security by obscurity." And also why 3rd party App stores should be allowed. There is no additional security provided by Apple's walled garden. Marketing at its finest.
Those of us who weren't born yesterday know they used to run deeper checks, and developers and the media screamed about how it took too long, and how Apple was evil, and how they needed to be regulated.

So they gave people what they demanded - faster screening times. And now we get this, and people still complain, because people who don't understand anything scream the loudest about everything.
Score: 26 Votes (Like | Disagree)
nt5672 Avatar
nt5672
21 weeks ago
"Apple checks over every app in the App Store. . . ."

They'd like you to think that, but no they do NOT check every app. Apple are more interested in nanny rules than real security rules. That is not to say they won't fix this, because they almost always respond after the fact when the media holds them accountable.

That is exactly why there is no such thing as "security by obscurity." And also why 3rd party App stores should be allowed. There is no additional security provided by Apple's walled garden. Marketing at its finest.
Score: 21 Votes (Like | Disagree)
Mrkevinfinnerty Avatar
Mrkevinfinnerty
21 weeks ago
Impossible. Apple would not approve an app unsafe for the kids. ?
Score: 13 Votes (Like | Disagree)
mdnz Avatar
mdnz
21 weeks ago

See. This is what happens when you allow 3rd party app stores.

What's that? This was found on Apple's App Store? ?
You mean.... restricting 3rd party app stores was for Apple's bottom line all along? Nooooo they would never do that!
Score: 13 Votes (Like | Disagree)
Read All Comments