HomeRisk ManagementsKaspersky claims Apple overlooked screenshot-snooping malware in code that infiltrated the App...

Kaspersky claims Apple overlooked screenshot-snooping malware in code that infiltrated the App Store

Published on

spot_img

The recent discovery by Kaspersky researchers has revealed the presence of the first app containing hidden optical character recognition spyware in Apple’s App Store. This malicious software, found in an iOS app called ComeCome, is designed to steal cryptocurrency from unsuspecting victims.

According to Kaspersky analysts Dmitry Kalinin and Sergey Puzan, the ComeCome app, which also exists on Google’s Play store, masquerades as a food delivery service while secretly extracting users’ cryptocurrency wallet recovery phrases. The malicious app is embedded with a malicious SDK/framework that decrypts an optical character recognition (OCR) plugin to hunt for screenshots containing sensitive information on mobile devices.

Once the OCR code is activated, it extracts seed phrases that are essential for gaining control over victims’ crypto wallets and stealing their funds. The stolen seed phrases allow cybercriminals to transfer funds out of the victims’ wallets, highlighting the importance of keeping seed phrases confidential and secure.

The researchers have named this seed-snatching malware SparkCat, which is capable of not only stealing recovery phrases but also other sensitive data such as messages or passwords captured in screenshots. The malware targets Android and iOS users in Europe and Asia, with multiple instances of infected apps in the Google Play store being downloaded over 242,000 times.

Despite rigorous screening by official marketplaces, the infected apps managed to bypass security checks due to the lack of visible indications of malicious activity. This incident dispels the misconception that iOS devices are immune to threats posed by malicious apps, as highlighted by Team Kaspersky.

Apple has taken action by removing the malicious ComeCome application from the iOS store, and other infected apps have also been removed from Google Play. However, it remains unclear whether SparkCat was inserted into these applications through a supply-chain attack or a deliberate act by the developers.

The spyware, most written in Java, utilizes an unidentified protocol implemented in Rust to communicate with its remote command-and-control server. After connecting to the C2 server, Spark downloads OCR models based on the system language to extract characters from images.

Furthermore, the app uses a legitimate third-party SDK to request access to the device’s photo gallery, scanning screenshots for recovery phrases. Users who grant access to the gallery unknowingly expose their sensitive information to cybercriminals, highlighting the effectiveness of social engineering tactics employed by malicious actors.

In conclusion, the emergence of the SparkCat malware serves as a reminder of the evolving threats targeting mobile users and the importance of exercising caution while downloading and interacting with apps. The collaboration between researchers and platform providers is crucial in detecting and mitigating such threats to ensure the security and privacy of users’ sensitive information.

Source link

Latest articles

Blip – Free Cross-Platform File Sharing App

New File-Sharing Application 'Blip' Revolutionizes Device-to-Device Transfers A groundbreaking file-sharing application named Blip has emerged,...

Your Security Data May Be Going Places You Don’t Know Webinar

ISMG Registration Process: Empowering Users to Stay Informed In a significant move to engage users,...

Hackers Compromise C++ and C# Project Files to Distribute Multi-Stage Windows Backdoor

New Trojan Turns Visual Studio Projects into Software Supply Chain Attack Vectors In an alarming...

Infoblox Acquires Kentik to Enhance Unified Network Visibility

SaaS Observability Vendor Expands Capabilities With Real-Time Telemetry Acquisition By Michael Novinson Date: July 10, 2026 In...

More like this

Blip – Free Cross-Platform File Sharing App

New File-Sharing Application 'Blip' Revolutionizes Device-to-Device Transfers A groundbreaking file-sharing application named Blip has emerged,...

Your Security Data May Be Going Places You Don’t Know Webinar

ISMG Registration Process: Empowering Users to Stay Informed In a significant move to engage users,...

Hackers Compromise C++ and C# Project Files to Distribute Multi-Stage Windows Backdoor

New Trojan Turns Visual Studio Projects into Software Supply Chain Attack Vectors In an alarming...