For the first time, the Apple App Store is sharing malware privileges with the Google Play Store as apps infected with screenshot-reading SparkCat malware have been discovered on both platforms by cybersecurity software firm Kaspersky.
The goal of SparkCat is to steal cryptocurrency, using multiple apps to hide malicious screenshot-reading code built on OCR (optical character recognition). OCR converts an image of text into machine-readable formats. The malware triggers requests to access photo galleries when users try to use chat support features within the infected apps. The apps then use OCR tech to search the device for screenshots of crypto wallet passwords or recovery phrases. The images are sent back to attackers, who then use the stolen information to access wallets and steal cryptocurrency.
Kaspersky can’t confirm whether the infection is a deliberate action by the developers or the result of a supply chain attack. The company names two AI chat apps that seem to have been created specifically for the SparkCat campaign, WeTink and AnyGPT, both of which still seem to be available on the app store. SparkCat also appears to have infected legitimate apps like the food delivery app Comecome.
Kaspersky says it discovered the SparkCat code back in late 2024, and that the framework for the code appears to have been created in March of 2024. SparkCat seems to have infected more Android apps than iOS apps, but the fact that it has infected any iOS apps at all is noteworthy on its own.
Also noteworthy is the trojan nature of the malware: it gives no outward sign of a malicious implant inside the application, and it requests harmless permissions that can be used in the main functionality of the application, which allows the malware to work quite secretly.
How to stay safe
Recommendations for staying safe include deleting, or not saving in the first place, any screenshots in the photo gallery that contain sensitive information, including anything with phrases that could restore access to cryptocurrency wallets. Anything that contains passwords, confidential documents or other sensitive data should be stored in a special application too.
In general, when selecting an app, stick to more widely known app developers with a history of putting out good software. You’re also more likely to come across malware when going with free apps as opposed to paid ones. Before installing any app, check its rating and reviews, and look for online video reviews so you can see the app in action.
If you have an Android phone, make sure that Google Play Protect is enabled to protect your device from malware. It can scan all of your existing apps – and any new ones you download – for malware. For additional protection and some useful extras like a VPN or even a password manager, you might also want to look into running one of the best Android antivirus apps alongside it.
If you’re an Apple user, you should check out some of the best Mac antivirus software from Intego, as the company has come up with a workaround for scanning iPhones and iPads for malware by connecting them to a Mac first.
Bad apps are going to continue to slip through the cracks on both Android and iOS, which is why you should always be extra careful when installing new software on your mobile devices.