For the first time, a type of harmful software that can read what’s on your screen has been spotted in apps from the Apple App Store, according to a report by Kaspersky.
This new malware, known as “SparkCat,” can look at screenshots on your iPhone to find private information. The main aim of these apps is to find the secret codes for cryptocurrency wallets, making it possible for thieves to steal your bitcoins and other digital money.
The apps contain a sneaky part that uses a special tool from Google’s ML Kit to read text in pictures. If it sees an image of a crypto wallet, that image gets sent to a server where the attacker can grab it.
SparkCat has been around since about March 2024. While similar malware was previously found on Android and computers, it’s now made its way to iPhones. Kaspersky found apps like ComeCome, WeTink, and AnyGPT in the App Store with this spying software. However, it’s not clear if these developers put the malware there on purpose or if it was added by someone else attacking the app’s supply chain.
Once you download these apps, they’ll ask to see your photos. If you say yes, they’ll use their reading tool to scan through your pictures for important information. These apps are still in the App Store and seem to be focusing on people in Europe and Asia.
While the primary target is crypto information, Kaspersky warns that this malware could also steal other screenshot data, like passwords. This issue isn’t just for iPhone users; similar threats have been seen on Android too, but iPhone users usually think their devices are safer from such threats.
Apple usually checks all apps before they go into the App Store, so finding malware like this shows a slip in their review process. In this case, the harmful apps don’t show they’re bad, and the permissions they ask for look like they’re needed for the app to work.
Kaspersky advises against keeping screenshots of important details like crypto wallet codes in your photo collection to protect yourself from such attacks. For more details on which apps are affected and more about this malware, you can visit Kaspersky’s website.