One of the promises of the App Store is that anything you download has gone through Apple's vetting process. Occasionally, though, iPhone apps carrying malicious code slip through the cracks, and today researchers at Kaspersky reported on new malware they discovered in App Store apps, which they describe as the first known case of OCR-based spyware reaching Apple's official marketplace.
Malware found in both iOS and Android apps with similar tactics
Dmitry Kalinin and Sergey Puzan of Kaspersky today published their analysis of screenshot-reading OCR malware discovered in both Android and iPhone apps.
On the iPhone side, the pair identified a number of App Store apps that use OCR to scan a user’s photo library for crypto wallet recovery phrases. “This is the first known case of an app infected with OCR spyware being found in Apple’s official app marketplace.”
The Android malware module would decrypt and launch an OCR plug-in built with Google’s ML Kit library, and use that to recognize text it found in images inside the gallery. Images that matched keywords received from the C2 were sent to the server. The iOS-specific malicious module had a similar design and also relied on Google’s ML Kit library for OCR.
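To make the selection step concrete, here is an added example that models the gallery filter described above from the defender's side: given OCR output for each image, it decides which images a keyword-driven filter of this kind would send to the server. This is not code from Kaspersky's report or from the malware; the keyword list standing in for the C2-supplied one, the small BIP-39 word subset and the two sample OCR texts are all constructed for the example. It also goes one step beyond plain keyword matching by flagging runs of twelve or more wordlist words, which is what a screenshot of a wallet backup screen looks like after OCR, even when the words are numbered.

```python
"""Model of a SparkCat-style gallery filter (added example, not Kaspersky's
or the malware's code). Recreates the selection step: which OCR'd images a
keyword-driven filter would upload. Keyword list, BIP-39 subset and sample
OCR output are constructed for this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed stand-in for the keyword list a C2 would push to the implant.
C2_KEYWORDS = ["seed phrase", "recovery phrase", "mnemonic", "助记词", "private key"]

# Constructed: a small subset of the BIP-39 English wordlist. A real detector
# (or a real implant) would load the full 2048-word list.
BIP39_SUBSET = frozenset(
    "abandon ability able about above absent absorb abstract absurd abuse "
    "access accident account accuse achieve acid acoustic acquire across act "
    "yard year yellow young youth zebra zero zone zoo".split()
)

MIN_PHRASE_WORDS = 12  # BIP-39 phrases are 12, 15, 18, 21 or 24 words long


@dataclass
class OcrVerdict:
    matched_keywords: list[str] = field(default_factory=list)
    mnemonic_candidates: list[list[str]] = field(default_factory=list)

    @property
    def would_exfiltrate(self) -> bool:
        return bool(self.matched_keywords or self.mnemonic_candidates)


def normalize(ocr_text: str) -> str:
    """Flatten noisy OCR output: lowercase, strip punctuation, join wrapped lines.

    Python's re treats \\w as Unicode-aware, so CJK keywords survive the cleanup.
    """
    cleaned = re.sub(r"[^\w\s]", " ", ocr_text.lower())
    return " ".join(cleaned.split())


def find_keywords(norm: str, keywords: list[str]) -> list[str]:
    """Substring match of every C2 keyword against the normalized text."""
    return [k for k in keywords if k.lower() in norm]


def find_mnemonic_runs(norm: str, wordlist: frozenset[str], min_words: int) -> list[list[str]]:
    """Return every run of at least min_words consecutive wordlist words.

    Wallet backup screens usually number the words ("1. abandon 2. ability"),
    so pure-digit tokens are dropped before looking for runs.
    """
    tokens = [t for t in norm.split() if not t.isdigit()]
    runs: list[list[str]] = []
    run: list[str] = []
    for tok in tokens + [""]:  # "" is a sentinel that flushes the final run
        if tok in wordlist:
            run.append(tok)
            continue
        if len(run) >= min_words:
            runs.append(run)
        run = []
    return runs


def classify_ocr_text(ocr_text: str) -> OcrVerdict:
    norm = normalize(ocr_text)
    return OcrVerdict(
        matched_keywords=find_keywords(norm, C2_KEYWORDS),
        mnemonic_candidates=find_mnemonic_runs(norm, BIP39_SUBSET, MIN_PHRASE_WORDS),
    )


def select_for_upload(gallery: dict[str, str]) -> list[str]:
    """Given {filename: OCR text}, return the files the filter would send to the C2."""
    return [name for name, text in gallery.items() if classify_ocr_text(text).would_exfiltrate]


# Constructed sample OCR output, as a text-recognition pass over two screenshots might return it.
WALLET_SCREENSHOT = (
    "Your Secret Recovery Phrase\n"
    "1. abandon 2. ability 3. able 4. about 5. above 6. absent\n"
    "7. absorb 8. abstract 9. absurd 10. abuse 11. access 12. accident\n"
    "Never share it with anyone"
)
CHAT_SCREENSHOT = "Hey, are we still on for lunch? Zebra zoo at noon, young yard party"
SAMPLE_GALLERY = {"IMG_0001.png": WALLET_SCREENSHOT, "IMG_0002.png": CHAT_SCREENSHOT}

if __name__ == "__main__":
    for name, text in SAMPLE_GALLERY.items():
        v = classify_ocr_text(text)
        print(name, "keywords:", v.matched_keywords, "phrase runs:", len(v.mnemonic_candidates))
    print("would upload:", select_for_upload(SAMPLE_GALLERY))
```

The chat screenshot contains a couple of isolated wordlist words ("zebra", "zoo") and is not flagged, which is the point of requiring a run of twelve: ordinary text is full of BIP-39 words, a backup screen is a contiguous block of them. Swapping in the full wordlist and a realistic keyword set turns the same logic into a quick triage check for which of a user's screenshots would have been at risk.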
Various apps are named throughout the full report, but the affected apps seem to primarily target users in Asia and Europe.
Some of the apps appear to have been shipping the malicious code without their developers’ knowledge, while others are suspected of having been built by bad actors.
We detected a series of apps embedded with a malicious framework in the App Store. We cannot confirm with certainty whether the infection was a result of a supply chain attack or deliberate action by the developers. Some of the apps, such as food delivery services, appeared to be legitimate, whereas others apparently had been built to lure victims. For example, we saw several similar AI-featured “messaging apps” by the same developer
Several of the affected apps, as The Verge notes, are still available for download on the App Store today, including the food delivery app ComeCome and the AI chat apps AnyGPT and WeTink.
To learn more about this iPhone malware threat, which Kaspersky has dubbed ‘SparkCat,’ you can read their full report here.