Malware With Screen Reading Code Found in iOS Apps for the First Time

by

Malware that includes code for reading the contents of screenshots has been found in suspicious App Store apps for the first time, according to a report from Kaspersky.

iOS App Store General Feature Desaturated
Dubbed "SparkCat," the malware includes OCR capabilities for sussing out sensitive information that an iPhone user has taken a screenshot of. The apps that Kaspersky discovered are aimed at locating recovery phrases for crypto wallets, which would allow attackers to steal bitcoin and other cryptocurrency.

The apps include a malicious module that uses an OCR plug-in created with Google's ML Kit library to recognize text found inside images on an ‌iPhone‌. When a relevant image of a crypto wallet is located, it is sent to a server accessed by the attacker.

According to Kaspersky, SparkCat has been active since around March 2024. Similar malware was discovered in 2023 that targeted Android and PC devices, but it has now spread to iOS. Kaspersky located several ‌App Store‌ apps with OCR spyware, including ComeCome, WeTink, and AnyGPT, but it is not clear if the infection was a "deliberate action by the developers" or the "result of a supply chain attack."

The infected apps ask for permission to access a user's photos after being downloaded, and if granted permission, use the OCR functionality to sort through images looking for relevant text. Several of the apps are still in the ‌App Store‌, and seem to be targeting iOS users in Europe and Asia.

While the apps are aimed at stealing crypto information, Kaspersky says that the malware is flexible enough that it could also be used to access other data captured in screenshots, like passwords. Android apps are impacted as well, including apps from the Google Play Store, but iOS users often expect their devices to be malware resistant.

Apple checks over every app in the ‌App Store‌, and a malicious app marks a failure of Apple's app review process. In this case, there does not appear to be an obvious indication of a trojan in the app, and the permissions that it requests appear to be needed for core functionality.

Kaspersky suggests that users should avoid storing screenshots with sensitive information like crypto wallet recovery phases in their Photo Library to stay safe from this kind of attack.

A full list of iOS frameworks that are infected is available on the Kaspersky website, along with more information about the malware.

Tags: App Store, Malware

Popular Stories

General Apps Messages Redux

iOS 26: New Messages and Phone App Features Leaked Ahead of WWDC

Friday June 6, 2025 7:27 am PDT by
Apple is planning to announce several new features for the Messages and Phone apps on iOS 26, according to Bloomberg's Mark Gurman. In a lengthy report outlining his WWDC 2025 expectations today, Gurman said that the two main changes in the Messages app will be the ability to create polls, as well as the option to set a background image within a conversation. 9to5Mac was first to report...
Read Full Article42 comments
iPhone 17 Air Size Feature

'iPhone 17 Air' Launching Later This Year With These 17 New Features

Friday June 6, 2025 6:17 am PDT by
While the so-called "iPhone 17 Air" is not expected to launch until September, there are already plenty of rumors about the ultra-thin device. Overall, the iPhone 17 Air sounds like a mixed bag. While the device is expected to have an impressively thin and light design, rumors indicate it will have some compromises compared to iPhone 17 Pro models, including worse battery life, only a single ...
Read Full Article76 comments
carplay hero dashboard

iOS 26 to Upgrade CarPlay in Two Ways

Wednesday June 4, 2025 6:24 am PDT by
While the spotlight has been on CarPlay Ultra lately, the regular version of CarPlay is set to receive some enhancements alongside iOS 26. Apple will announce iOS 26 at WWDC 2025 next week, and the software update is expected to upgrade the CarPlay experience in at least two ways. The first iOS 26 beta should be seeded to developers shortly after Apple's keynote, and the update will...
Read Full Article52 comments
Apple Activity Rings Graphic

Apple Watch Gets One Crucial Fitness Metric Wrong, Researchers Say

Thursday June 5, 2025 7:35 am PDT by
The Apple Watch provides highly accurate measurements of heart rate and step count, but their estimates of calories burned can be significantly off, according to a new peer-reviewed meta-analysis conducted by researchers at the University of Mississippi (via CNET). The study reviewed 56 previously published studies evaluating the Apple Watch's performance against gold-standard clinical tools ...
Read Full Article100 comments
General iOS Mail Feature

iPhone Users Say Mail App Suddenly Showing Blank Screen on iOS 18.5

Thursday June 5, 2025 7:02 am PDT by
If the Mail app on your iPhone is not working lately, you are not alone. A growing number of iPhone users are seeing a blank screen in the Mail app, according to comments posted across the MacRumors Forums, Reddit, Apple Support Community, and other online discussion platforms. Affected users are unable to view any emails in their inboxes, and the app can also become glitchy and...
Read Full Article91 comments
macOS Tahoe Render

macOS Tahoe Might Support One Fewer Mac Than Previously Rumored

Saturday June 7, 2025 5:27 am PDT by
macOS 26 will drop support for several older Intel-based Mac models currently compatible with macOS Sequoia, according to a private account on X with a proven track record of leaking information about Apple's software platforms. macOS 26 will be compatible with the following Mac models, the account said:MacBook Air (M1 and later) MacBook Pro (2019 and later) iMac (2020 and later) Mac...
Read Full Article129 comments
iOS 26 white

iOS 26's Digital Glass Design: Home Screen Widgets, Camera, and More

Friday June 6, 2025 8:32 am PDT by
In a lengthy report outlining his WWDC 2025 expectations today, Bloomberg's Mark Gurman shared more details about iOS 26's rumored new design. According to Gurman, iOS 26 will feature a "digital glass" design inspired by visionOS, the operating system for Apple's Vision Pro headset. That is a well-known rumor by now, but he goes on to provide some more specific details, as listed below:There ...
Read Full Article64 comments

Top Rated Comments

sw1tcher Avatar
sw1tcher
18 weeks ago

Malware that includes code for reading the contents of screenshots has been found in suspicious App Store apps for the first time, according to a report from Kaspersky.

Kaspersky located several App Store apps with OCR spyware, including ComeCome, WeTink, and AnyGPT...
See. This is what happens when you allow 3rd party app stores.

What's that? This was found on Apple's App Store? ?
Score: 45 Votes (Like | Disagree)
sniffies Avatar
sniffies
18 weeks ago
I wish Apple Intelligence were intelligent enough to detect and exterminate malware.

But we have genmoji. Yay.
Score: 36 Votes (Like | Disagree)
GMShadow Avatar
GMShadow
18 weeks ago

"Apple checks over every app in the App Store. . . ."

They'd like you to think that, but no they do NOT check every app. Apple are more interested in nanny rules than real security rules. That is not to say they won't fix this, because they almost always respond after the fact when the media holds them accountable.

That is exactly why there is no such thing as "security by obscurity." And also why 3rd party App stores should be allowed. There is no additional security provided by Apple's walled garden. Marketing at its finest.
Those of us who weren't born yesterday know they used to run deeper checks, and developers and the media screamed about how it took too long, and how Apple was evil, and how they needed to be regulated.

So they gave people what they demanded - faster screening times. And now we get this, and people still complain, because people who don't understand anything scream the loudest about everything.
Score: 26 Votes (Like | Disagree)
nt5672 Avatar
nt5672
18 weeks ago
"Apple checks over every app in the App Store. . . ."

They'd like you to think that, but no they do NOT check every app. Apple are more interested in nanny rules than real security rules. That is not to say they won't fix this, because they almost always respond after the fact when the media holds them accountable.

That is exactly why there is no such thing as "security by obscurity." And also why 3rd party App stores should be allowed. There is no additional security provided by Apple's walled garden. Marketing at its finest.
Score: 21 Votes (Like | Disagree)
Mrkevinfinnerty Avatar
Mrkevinfinnerty
18 weeks ago
Impossible. Apple would not approve an app unsafe for the kids. ?
Score: 13 Votes (Like | Disagree)
mdnz Avatar
mdnz
18 weeks ago

See. This is what happens when you allow 3rd party app stores.

What's that? This was found on Apple's App Store? ?
You mean.... restricting 3rd party app stores was for Apple's bottom line all along? Nooooo they would never do that!
Score: 13 Votes (Like | Disagree)
Read All Comments