iPhone screenshot reading malware appears for the first time

SparkCat malware has been discovered inside several apps on the App Store, capable of harvesting content from iPhone users' screenshots.

According to security researchers at Kaspersky, the SparkCat malware exists in apps that have already passed Apple's security checks to appear on the App Store. The apps found to be infected with SparkCat include ComeCome, WeTink, and AnyGPT. This is also the first time such a threat has been found in App Store apps.

iPhone screenshot reading malware appears for the first time Picture 1 iPhone screenshot reading malware appears for the first time Picture 1

Illustration of malware stealing digital wallets on the App Store. Photo: ReadWrite

Kaspersky's analysis found that the SparkCat-infected apps use Optical Character Recognition (OCR) to scan screenshots for sensitive information. Inside, they contain a malicious module that leverages Google's ML Kit OCR plug-in to analyze images and extract their content.

SparkCat specifically focuses on the 'seed' phrase used to recover digital wallets, allowing attackers to steal Bitcoin and other digital assets. Experts say that if the malware detects a screenshot related to a digital wallet, it will immediately transmit the captured data to the attacker's server.

SparkCat is believed to have been active since March 2024, but primarily on Android devices before recently appearing on iOS devices. In addition to harvesting content from screenshots, when installed, SparkCat-infected apps will request permission to access photos and scan for other important content.

Kaspersky said some SparkCat-infected apps are still available on the App Store. It is not yet clear whether this is a deliberate action by the developers or if they have been hacked.

Apple has not commented.

Kaspersky recommends that users do not save screenshots containing important content, such as recovery phrases for e-wallets, bank passwords, etc. in the Photo Gallery. Instead, they should use a password manager or store them in a safer place.

According to GizChina, iOS has historically been one of the most secure operating systems on mobile devices. Hackers also tend to attack Android devices more. However, things are changing recently as attackers are using more advanced methods to penetrate Apple platforms.