Search results for: “apps”

Yesterday, cybersecurity experts at Kaspersky revealed details about a new type of malware called “SparkCat” that was found in a handful of iOS apps. Following this revelation, Apple swiftly removed these apps from its App Store.

Among the apps affected were ComeCome, WeTink, and AnyGPT. In total, 11 apps were taken down, but Apple’s investigation led to the discovery of an additional 89 apps with similar malicious code, which had already been rejected or removed due to Apple’s strict anti-fraud rules. When Apple removes an app for such reasons, it also shuts down the developer’s account.

According to Kaspersky, the malware included a harmful tool that could read text from images and screenshots on iPhones, particularly targeting recovery phrases for cryptocurrency wallets. The aim was to steal valuable information like bitcoin codes, but it could also grab other sensitive phrases like passwords.

Apple’s default settings prevent apps from accessing your photos without your permission. However, if users granted these apps access to their photo library, the malware could scan for and transmit any matching key phrases to a server controlled by the attackers. The malware seemed to focus on iOS users in Europe and Asia.

Since the release of iOS 14, Apple has improved how apps can access your photos, allowing users to permit only specific images rather than the whole album. It’s wise to be cautious with app permissions and avoid granting access to all your photos to apps that seem suspicious.

Apple also offers an “App Privacy Report” feature, which you can find in the Privacy section of your iPhone’s Settings. This report shows when and how often apps access your sensitive data like your location, photos, camera, and microphone.

It’s always good to keep an eye on these privacy settings to protect your personal information.

Source

For the first time, a type of harmful software that can read what’s on your screen has been spotted in apps from the Apple App Store, according to a report by Kaspersky.

This new malware, known as “SparkCat,” can look at screenshots on your iPhone to find private information. The main aim of these apps is to find the secret codes for cryptocurrency wallets, making it possible for thieves to steal your bitcoins and other digital money.

The apps contain a sneaky part that uses a special tool from Google’s ML Kit to read text in pictures. If it sees an image of a crypto wallet, that image gets sent to a server where the attacker can grab it.

SparkCat has been around since about March 2024. While similar malware was previously found on Android and computers, it’s now made its way to iPhones. Kaspersky found apps like ComeCome, WeTink, and AnyGPT in the App Store with this spying software. However, it’s not clear if these developers put the malware there on purpose or if it was added by someone else attacking the app’s supply chain.

Once you download these apps, they’ll ask to see your photos. If you say yes, they’ll use their reading tool to scan through your pictures for important information. These apps are still in the App Store and seem to be focusing on people in Europe and Asia.

While the primary target is crypto information, Kaspersky warns that this malware could also steal other screenshot data, like passwords. This issue isn’t just for iPhone users; similar threats have been seen on Android too, but iPhone users usually think their devices are safer from such threats.

Apple usually checks all apps before they go into the App Store, so finding malware like this shows a slip in their review process. In this case, the harmful apps don’t show they’re bad, and the permissions they ask for look like they’re needed for the app to work.

Kaspersky advises against keeping screenshots of important details like crypto wallet codes in your photo collection to protect yourself from such attacks. For more details on which apps are affected and more about this malware, you can visit Kaspersky’s website.

Source

The digital world once envisioned as a borderless expanse of information and freedom, is increasingly becoming fragmented by national regulations. Following a similar move in China years ago, Apple has begun removing Virtual Private Network (VPN) applications from its App Store in India, signaling a significant shift in the availability of online privacy tools in the country. This action comes in response to a controversial Indian law that mandates stringent data retention policies for VPN providers. 

This isn’t the first time Apple has faced such a dilemma. Back in 2017, the company was compelled by the Chinese government to remove hundreds of VPN apps from its Chinese App Store. At the time, Apple CEO Tim Cook explained that the company had to comply with local laws, despite its preference to keep the apps available. He expressed hope that the restrictions would eventually be loosened, but years later, those restrictions remain firmly in place. This precedent casts a long shadow over the current situation in India.

The Indian government introduced the contentious law in 2022, effectively prohibiting anonymous VPN usage and requiring providers to maintain detailed logs of user activity. These logs must include sensitive information such as users’ names, addresses, IP addresses, and transaction histories, and be retained for a period of five years. Initially, the implementation of this law faced delays due to widespread objections. While it was eventually introduced, enforcement remained lax for a period. However, that period of grace has ended.  

Recent reports confirm that Apple has started removing VPN apps from the Indian App Store to comply with the now-enforced regulations. This action follows similar removals from the Google Play Store, indicating a coordinated effort by Indian authorities to enforce the new rules.

It appears that the government is taking a targeted approach, identifying and ordering the removal of non-compliant apps individually. This suggests that the process will be protracted, potentially leading to a significant reduction in the number of VPN apps available to Indian users, mirroring the situation in China. 

Among the removed apps are several prominent VPN services, including Cloudflare’s popular 1.1.1.1 service. The removals were triggered by orders issued by the Indian Ministry of Home Affairs, as evidenced by official documents and disclosures made by Google to Lumen, a Harvard University database that tracks government takedown requests globally.  

This situation puts reputable VPN providers in a difficult position. Complying with the Indian law would require them to compromise their core principles of user privacy and anonymity. Maintaining detailed logs of user activity goes against the very purpose of a VPN, which is to provide secure and private online access. Consequently, most reputable VPN providers are unlikely to comply with these demands, choosing instead to withdraw their services from the Indian market.

For Apple, this situation presents a complex challenge. The company has consistently emphasized its commitment to user privacy. However, it also has a legal obligation to comply with the laws of the countries in which it operates. This creates a clear conflict of interest, forcing Apple to choose between its stated values and its business interests.

While Apple could theoretically take a stand and withdraw from the Indian market altogether, such a move is highly improbable. India has become a crucial market for Apple, serving as its second-largest production center and a rapidly growing consumer base. Moreover, the precedent set in China, a far more critical manufacturing hub for Apple, suggests that the company is unlikely to prioritize principle over market access.  

The removal of VPN apps from the Indian App Store represents more than just a reduction in available software. It symbolizes a growing trend of governments seeking greater control over online activity, often at the expense of individual privacy. This trend raises serious concerns about the future of internet freedom and the ability of individuals to protect themselves from online surveillance.

The situation in India serves as a stark reminder that the fight for online privacy is an ongoing battle, one that requires constant vigilance and advocacy. The digital landscape is changing, and the implications for users in India, and potentially other countries, are significant.

Source