Kaspersky researchers find screenshot-reading malware on the App Store and Google Play

Kaspersky finds screenshot malware on App Store, Google Play; apps removed.

Kaspersky researchers discovered malware that uses OCR technology in apps from both the App Store and Google Play, targeting crypto wallet screenshots. The campaign, named SparkCat, includes apps that seemed legitimate, like food delivery services. Despite Apple's security claims, 11 affected apps were removed, with associated apps previously rejected or removed. On Google Play, infected apps saw over 242,000 downloads.

Kaspersky researchers Dmitry Kalinin and Sergey Puzan have identified malware called SparkCat in mobile apps from both the App Store and Google Play. This malware uses OCR technology to identify and extract recovery phrases from screenshots related to crypto wallets.

The researchers highlighted that the infected apps appeared legitimate, such as food delivery apps, leading users to believe they were safe. Despite Apple's rigorous app review process, 11 applications were removed, indicating a breach in its security measures.

In the case of the Google Play Store, the malicious apps were downloaded over 242,000 times, underscoring the widespread impact of this malware. SparkCat's infiltration into the Apple app marketplace marks a significant first, challenging the security perception of iOS's walled garden.