Screenshot-Reading Malware Discovered on App Store and Google Play

In a significant revelation, researchers from Kaspersky have uncovered a sophisticated malware campaign that is being disseminated through applications available on both Android and iOS platforms. Dmitry Kalinin and Sergey Puzan detailed their extensive investigation into this malicious activity, which they have named SparkCat. This campaign has likely been operational since March 2024, posing serious risks to unsuspecting users.

The researchers noted, “We cannot confirm with certainty whether the infection was a result of a supply chain attack or deliberate action by the developers.” They highlighted that some of the targeted applications, including popular food delivery services, seemed legitimate, while others were clearly designed to deceive and lure victims into a trap. SparkCat operates stealthily, masquerading its requests for permissions as normal or harmless, making it difficult for users to detect its malicious intent.

On February 6, Kaspersky provided an important update, confirming that the compromised applications had been removed from the App Store. Apple corroborated this by stating that it had taken down 11 apps associated with SparkCat, noting that these applications shared code with 89 other apps that had previously been rejected or removed from the store due to security concerns.

The alarming aspect of this malware is its use of optical character recognition (OCR) technology to scrutinize a device’s photo library. It specifically targets screenshots that contain recovery phrases for crypto wallets, which could potentially lead to significant financial losses for users. Kaspersky’s findings indicate that the infected apps on Google Play have been downloaded over 242,000 times, marking this incident as the first known case of an app harboring OCR spyware in Apple’s official app marketplace.

Apple has consistently promoted the rigorous security measures of the App Store, and while malware incidents have been infrequent, this recent discovery serves as a potent reminder that even the most secure environments are not entirely immune to sophisticated attacks. Users must remain vigilant and prioritize security practices to safeguard their devices and personal information.

Update, February 6, 2025, 5:15PM ET: This content has been revised to reflect the latest update from Kaspersky regarding the removal of the affected apps from the App Store, along with additional insights provided by Apple.