Google and Apple App Stores Found To Host Malicious OCR App

The "first known case" of apps infected with malware using optical character recognition (OCR) to extract text from images has been found on official Apple and Google App Store sites. 

According to the cybersecurity software firm Kaspersky, the apps are hiding malicious screenshot-reading code that is used to steal cryptocurrency. Kaspersky says it discovered the code from this particular malware campaign, which it calls "SparkCat," in late 2024 and that the frameworks for it appear to have been created in March of the same year.

On iOS and in some Android instances, the malware works by triggering a request to access users' photo galleries when they attempt to use chat support within the infected app. Once permission is granted, it uses Google OCR tech to decipher text found in photos to look for things like screenshots of crypto wallet passwords or recovery phrases. The software then sends any images it finds back to the attackers, who can then use the info to access the wallets and steal crypto.

Kaspersky says it cannot "confirm with certainty the infection was a result of a supply chain attack or deliberate action by the developers." The company names two AI chat apps that seem to have been created for the campaign and appear to still be available on the App Store, called WeTink and AnyGPT. Additionally, Kaspersky found the malicious code in a legitimate-seeming food delivery app called ComeCome, which is still available for download. Wes Davis, "iOS App Store apps with screenshot-reading malware found for the first time" www.theverge.com (Feb. 05, 2025).

Commentary

One of the easiest ways to remain safe when downloading mobile apps is by sticking to the official app stores: Google Play for Android and Apple's App Store. Google and Apple vet apps before allowing listings. While malicious or unsafe applications occasionally slip through the cracks, Apple and Google remove them swiftly.

If you do use third-party app marketplaces, stay with reputable sites like the Amazon App Store or Samsung Galaxy Store. Under rare circumstances when you have no choice other than sideloading, download apps directly from the official website for that software.

Here are some signs your device may have a malware infection:

  • Slowing down or crashing more than normal
  • Displaying frequent error messages
  • Failing to shut down or restart
  • Displaying numerous pop-up messages
  • Opening web pages you did not visit or sending emails you did not write
  • New toolbars or icons showing up unexpectedly
  • Your Internet home page changing suddenly and repeatedly
  • Your laptop battery draining more quickly than normal
  • Windows opening, claiming to scan your computer for viruses and finding an unrealistically large number
  • Black screens opening and closing when you start the computer
  • Emails being returned with virus warnings
  • Icons moving when you try to click on them