Warning: Malware Found on iOS Apps Steals Crypto Through Screen Reading

There’s a new crypto cybersecurity threat called "SparkCat": malware that, according to security experts at Kaspersky, has infiltrated the iOS App Store for the first time. This malware is not just another bug; it's a sophisticated piece of code designed to read and steal sensitive crypto information from your screenshots, such as wallet private keys and passphrases.

SparkCat employs Optical Character Recognition (OCR) technology to scan through images on your iPhone, specifically targeting screenshots that might contain recovery phrases for cryptocurrency wallets. Once it identifies these phrases, it transmits the data to servers controlled by attackers, who can then access and drain the associated crypto wallets. This malware marks a significant shift, as it's the first known case where such OCR-based stealing tactics have breached Apple's typically secure app ecosystem.

The Spread of SparkCat

This malicious software has been active since at least March 2024. While similar threats have been seen on Android and PC platforms, SparkCat's presence on iOS devices introduces a new level of concern, particularly given Apple's reputation for stringent app review processes.

Apps such as ComeCome, WeTink, and AnyGPT have been identified as carriers of this malware. Kaspersky has not confirmed whether this infection was a deliberate act by the developers or a byproduct of a supply chain attack, highlighting the complexity of modern digital threats.

Upon installation, these apps request access to your photo gallery. If permission is granted, they use their OCR capabilities to sift through your images, looking for any text that could be used maliciously. This isn't just limited to cryptocurrency data; the flexibility of the malware means it could potentially harvest other sensitive information like passwords captured in screenshots. Despite the rigorous checks by Apple, these apps managed to slip through, indicating a rare but significant oversight in Apple's app vetting process.

The impact extends beyond iOS, with Android devices also at risk through apps on the Google Play Store, although iOS users might feel more blindsided given the perceived security of their devices. The malware seems to target users primarily in Europe and Asia, but its presence in official app stores suggests a broader potential threat.

To safeguard against such attacks, Kaspersky advises users to avoid saving critical information like crypto recovery phrases in their photo libraries.