Cryptocurrency-Stealing Malware Suddenly Sneaks Into the App Store

Malware lurks on the App Store, stealing cryptocurrency via screenshots.


For the first time, cybersecurity experts have discovered malware in iOS applications that reads screenshots to steal cryptocurrency wallet information.

According to a new report from Kaspersky, a sophisticated malware campaign called SparkCat is hiding in a number of apps on both Apple's App Store and the Google Play Store. What's worrying is that this is the first case of malware that can read screenshots being discovered in iOS apps.


Malware lurks on Apple's App Store.

SparkCat works by asking users to grant access to their photo library when using the app's chat feature. It then uses Google's optical character recognition (OCR) technology to scan the photos, looking for sensitive information like cryptocurrency wallet passwords or recovery phrases. These images are then sent to the attacker's server, allowing them to steal cryptocurrency.

Kaspersky said the malware has been around since March 2024 and may have infected hundreds of thousands of devices. Some of the apps suspected of containing the malware include WeTink, AnyGPT (an AI chat app), and ComeCome (a food delivery app). It is currently unclear whether this was a deliberate act by the developers or a supply chain attack.

This incident raises the alarm about information security on mobile devices, even in an ecosystem considered "closed," such as iOS. Users need to be careful when granting access to applications, especially access to the photo library. At the same time, they should limit how much sensitive information they store as screenshots.

 
