iPhone screenshot reading malware appears for the first time

According to security researchers at Kaspersky, the SparkCat malware exists in apps that have already passed Apple's security checks to appear on the App Store. The apps found to be infected with SparkCat include ComeCome, WeTink, and AnyGPT. This is also the first time such a threat has been found in App Store apps.

Kaspersky's analysis found that the SparkCat-infected apps use Optical Character Recognition (OCR) to scan screenshots for sensitive information. Inside, they contain a malicious module that leverages Google's ML Kit OCR plug-in to analyze images and extract their content.

SparkCat specifically focuses on the “seed” phrase used to recover digital wallets, allowing attackers to steal Bitcoin and other digital assets. Experts say that if a screenshot related to a digital wallet is detected, the malware will immediately transmit the captured data to the attacker’s server.

SparkCat is believed to have been active since March 2024, but primarily on Android devices before recently appearing on iOS devices. In addition to harvesting content from screenshots, when installed, SparkCat-infected apps will request permission to access photos and scan for other important content.

Kaspersky said some SparkCat-infected apps are still available on the App Store. It is not yet clear whether this is a deliberate action by the developers or if they have been hacked.

Apple has not commented.

Kaspersky recommends that users do not save screenshots containing important content, such as recovery phrases for e-wallets, bank passwords, etc. in the photo library. Instead, they should use a password manager or store them in a safer place.

According toGizChinaHistorically, iOS has been one of the most secure operating systems on mobile devices. Hackers also tend to attack Android devices more. However, things are changing as attackers are using more advanced methods to penetrate Apple platforms.