A strain of malware capable of capturing screenshots and extracting text using Optical Character Recognition (OCR) has been identified on the Apple App Store. According to Kaspersky, this marks the first known case of such spyware infiltrating Apple’s official marketplace.
The malware, named SparkCat, was embedded in an iOS application called ComeCome-Chinese Food Delivery and was discovered late last year. SparkCat uses a character-recognition tool to scan images stored on a device, searching for specific keywords. When a keyword is found, the malware transmits the image to an attacker-controlled server.
Kaspersky’s analysis suggests that the malware specifically targeted mnemonic recovery phrases used for cryptocurrency wallets, indicating a financially motivated attack. The investigation further revealed that SparkCat searches for keywords in multiple languages, including Chinese, Japanese, Korean, English, Czech, French, Italian, Polish, and Portuguese, suggesting broad targeting of users across Europe and Asia.
Additionally, the malware is designed to extract other sensitive data from a user’s gallery, including messages and passwords captured in screenshots.
Apart from ComeCome-Chinese Food Delivery, the malware was also found in other iOS applications such as AnyGPT and WeTink. As a result, Apple removed 11 iOS apps from the App Store and terminated the developer accounts associated with them. Apple also identified shared code among 89 other iOS apps, leading to their removal or rejection from the platform.
Apple reiterated that since iOS 14, the PhotoKit API allows users to grant apps access to selected photos instead of the entire gallery, enhancing privacy protections. The company emphasized its commitment to maintaining security and preventing malicious activities on its platform.
Kaspersky detected the iOS malware after identifying similar malicious code in multiple applications on the Google Play Store, where infected apps had been downloaded over 242,000 times. These apps were also distributed through unofficial third-party app stores.