Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
Editorials & Other Articles
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
(Apple and Google) App Store apps with screenshot-reading malware found for the first time [View all]
Says Apple app store but the same problem happens to Android.
https://www.theverge.com/news/606649/ios-iphone-app-store-malicious-apps-malware-crypto-password-screenshot-reader-found
by Wes Davis
Feb 5, 2025, 10:03 AM PST
Apps distributed through both Apple and Google’s app stores are hiding malicious screenshot-reading code that’s being used to steal cryptocurrency, the cybersecurity software firm Kaspersky reported today. It’s the “first known case” of apps infected with malware that uses OCR tech to extract text from images making it into Apple’s App Store, according to a blog post detailing the company’s findings.
Kaspersky says it discovered the code from this particular malware campaign, which it calls “SparkCat,” in late 2024 and that the frameworks for it appear to have been created in March of the same year.
On iOS and in some Android instances, the malware works by triggering a request to access users’ photo galleries when they attempt to use chat support within the infected app. Once permission is granted, it uses Google OCR tech, which lets it decipher text found in photos, to look for things like screenshots of crypto wallet passwords or recovery phrases. The software then sends any images it finds back to the attackers, who can then use the info to access the wallets and steal crypto.
Kaspersky says it can’t “confirm with certainty the infection was a result of a supply chain attack or deliberate action by the developers.” The company names two AI chat apps that seem to have been created for the campaign and appear to still be available on the App Store, called WeTink and AnyGPT. Additionally, Kaspersky found the malicious code in a legitimate-seeming food delivery app called ComeCome, which you can also still download.
Kaspersky says it discovered the code from this particular malware campaign, which it calls “SparkCat,” in late 2024 and that the frameworks for it appear to have been created in March of the same year.
On iOS and in some Android instances, the malware works by triggering a request to access users’ photo galleries when they attempt to use chat support within the infected app. Once permission is granted, it uses Google OCR tech, which lets it decipher text found in photos, to look for things like screenshots of crypto wallet passwords or recovery phrases. The software then sends any images it finds back to the attackers, who can then use the info to access the wallets and steal crypto.
Kaspersky says it can’t “confirm with certainty the infection was a result of a supply chain attack or deliberate action by the developers.” The company names two AI chat apps that seem to have been created for the campaign and appear to still be available on the App Store, called WeTink and AnyGPT. Additionally, Kaspersky found the malicious code in a legitimate-seeming food delivery app called ComeCome, which you can also still download.
3 replies
= new reply since forum marked as read
= new reply since forum marked as read