The App Store is intended to ensure that every downloadable app has undergone Apple’s review process. However, iPhone apps carrying malicious code occasionally slip past these safeguards. Researchers from Kaspersky have now announced the discovery of new malware in App Store apps, which they describe as ‘the first known occurrence.’
Malware detected in both iOS and Android apps using analogous methods
Today, Kaspersky researchers Dmitry Kalinin and Sergey Puzan published their findings on malware that uses optical character recognition (OCR) to read the text in screenshots, found in both Android and iPhone applications.
On the iPhone side, the researchers found several App Store applications that utilized OCR technology to scan users’ photo libraries for recovery phrases associated with cryptocurrency wallets. “This marks the first documented instance of an app containing OCR spyware discovered within Apple’s official app store.”
They elaborated on the functionality as follows:
The Android malware module decrypted and initiated an OCR plugin developed with Google’s ML Kit library, facilitating text recognition from images within the gallery. Images that matched certain keywords sourced from the command and control server were transmitted back. The malicious module designed for iOS followed a similar architecture and also utilized Google’s ML Kit library for OCR capabilities.
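The selection logic the quoted passage describes (run OCR over gallery images, keep only those whose text matches an attacker-supplied keyword list, and upload the hits) is also exactly the check a defender can run over OCR output of their own screenshots to find an exposed recovery phrase before someone else does. The following is an added example written for this article, not code from Kaspersky’s report or from any of the apps it names. It skips the OCR step itself (ML Kit or otherwise) and works on already-extracted text; the keyword list, the BIP-39 subset and the sample screenshot texts are all constructed for the example, since the report does not publish the real keywords.

```python
import re

# Constructed subset of the BIP-39 English wordlist (the real list has 2048 words).
# Only enough words are included to make the sample input below match; a real
# checker would load the full list. This is an assumption of the example, not
# data taken from the report.
BIP39_SUBSET = {
    "abandon", "ability", "able", "about", "above", "absent", "absorb", "abstract",
    "absurd", "abuse", "access", "accident", "accuse", "achieve", "acid", "acoustic",
    "acquire", "across", "act", "action", "actor", "actress", "actual",
    "zoo", "zone", "zero", "youth", "young", "yellow", "year", "wrong",
}

# Constructed stand-in for the keyword list a C2 server would push. The actual
# keywords used by the malware are not in the report; these are illustrative.
C2_KEYWORDS = ["seed phrase", "recovery phrase", "mnemonic", "backup phrase", "private key"]

# Mnemonic lengths BIP-39 allows; a run of wordlist words of any other length is ignored.
VALID_MNEMONIC_LENGTHS = {12, 15, 18, 21, 24}

TOKEN_RE = re.compile(r"[a-z]+")


def has_keyword(text, keywords=C2_KEYWORDS):
    """Case-insensitive substring match against the keyword list."""
    lowered = text.lower()
    return any(k in lowered for k in keywords)


def mnemonic_runs(text, wordlist=BIP39_SUBSET, lengths=VALID_MNEMONIC_LENGTHS):
    """Find runs of consecutive alphabetic tokens that are all wordlist words.

    Numbering such as "1. abandon 2. ability" is dropped by the tokenizer, so a
    numbered backup sheet still forms one run. Returns (start_index, run_length)
    for each run whose length is a valid mnemonic length.
    """
    tokens = TOKEN_RE.findall(text.lower())
    runs = []
    i, n = 0, len(tokens)
    while i < n:
        if tokens[i] not in wordlist:
            i += 1
            continue
        j = i
        while j < n and tokens[j] in wordlist:
            j += 1
        if (j - i) in lengths:
            runs.append((i, j - i))
        i = j
    return runs


def triage_images(ocr_results):
    """Given (image_name, ocr_text) pairs, return the images that would be
    selected for exfiltration by the malware, or flagged for review by a
    defender, together with the reason(s)."""
    flagged = []
    for name, text in ocr_results:
        reasons = []
        if has_keyword(text):
            reasons.append("keyword")
        runs = mnemonic_runs(text)
        if runs:
            reasons.append(f"mnemonic_run_{runs[0][1]}")
        if reasons:
            flagged.append((name, reasons))
    return flagged


# Constructed OCR output standing in for four screenshots in a photo library.
SAMPLE_OCR = [
    ("IMG_0001.png", "Lunch with Dana at 12:30, bring the umbrella"),
    ("IMG_0002.png", "Your recovery phrase - never share it\n"
                     "1. abandon 2. ability 3. able 4. about 5. above 6. absent\n"
                     "7. absorb 8. abstract 9. absurd 10. abuse 11. access 12. accident"),
    # Twelve wordlist words with no label: caught by the run heuristic, not by keywords.
    ("IMG_0003.png", "zoo zone zero youth young yellow year wrong act actor acid across"),
    # Scattered wordlist words in ordinary text: no run of a valid length, not flagged.
    ("IMG_0004.png", "Meeting notes: action items, actual budget, account review"),
]

if __name__ == "__main__":
    for name, reasons in triage_images(SAMPLE_OCR):
        print(name, reasons)
```

The keyword filter alone misses IMG_0003, which is why the second heuristic matters: a bare list of a dozen wordlist words is a stronger signal than any label, and the attacker-side code only needs the keyword list because it can afford false positives and lets the server sort the uploads.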
Their full report lists a number of affected applications; the campaign appeared to target primarily users in Asia and Europe.
Some applications were reportedly executing malicious code without the knowledge of their developers, while others were deemed to be intentionally harmful.
A series of apps embedded with a malicious framework were identified in the App Store. We are uncertain whether the infections resulted from a supply chain attack or were a product of the developers’ intent. Certain apps, such as those for food delivery, appeared legitimate, whereas others seemed purposely designed to ensnare victims. For instance, we observed several similar AI-enhanced “messaging apps” from the same developer.
As pointed out by The Verge, many of the affected applications, such as food delivery service ComeCome and AI chat apps AnyGPT and WeTink, remain available for download on the App Store today.
To delve deeper into the specifics of this malware threat, dubbed ‘SparkCat’ by Kaspersky, you can access their complete report here.