Heads up, iPhone users! You might think the App Store is super secure, but some sneaky malware has made its way in, potentially putting your crypto wallets at risk. Security researchers at Kaspersky have uncovered apps harboring OCR tech that can grab info from your screenshots.
These malicious apps, spotted in both the Apple App Store and Google Play Store, contain code dubbed “SparkCat,” which has been active since March 2024.
The malware uses an OCR (Optical Character Recognition) plugin, powered by Google’s ML Kit, to read text within screenshots stored on your iPhone. The primary goal? To snag those crucial recovery phrases for your crypto wallets. Once it finds these phrases, it sends them back to the attacker, who can then access your wallet and drain your crypto.
If you’ve ever set up a crypto wallet, you know the recovery (or seed) phrase is the master key. It’s typically shown only once during setup, with strong recommendations to write it down and store it securely. Unfortunately, many users take a screenshot and keep it in their photo gallery, thinking it’s a safe spot.
While crypto wallet info is the main target, the same code could also identify and transmit other passwords and sensitive data that appear in your screenshots.
The infected apps discovered by Kaspersky include AI chat apps named WeTink and AnyGPT, and a food delivery app called ComeCome. Shockingly, all three are still available for download on the App Store as of now.
Kaspersky isn’t sure if this was a deliberate move by the developers or the result of a supply chain attack.
The apps request access to your photo library when you use their chat support feature. Once granted access, the malicious code quietly scans your photos in the background, searching for those valuable recovery phrases.
Here’s what you can do to protect yourself:
Method 1: Limit Photo Library Access
This is the most effective method to secure your photos from prying eyes.
As a general security practice, limit any app’s access to your entire photo library. Here’s how:
Go to Settings > Privacy & Security > Photos, then review the list of apps with “Full Access” and change each one to “Selected Photos” or “None.”
You can find more technical details about the malware, including a list of infected iOS frameworks, on the Kaspersky website.