February 8, 2025

Researchers Just Found Photo-Scanning Malware on Apple’s App Store for the First Time – Lifehacker

Not all apps are safe. It’s why I always recommend downloading apps from official app stores, like the iOS App Store and Google Play Store, rather than a random website: Apple and Google both have policies to scan for malware and stop it before it reaches their app stores. But neither company is perfect, and apps infected with malware end up on official app marketplaces more often than we’d like to think. These apps usually pop up on the Play Store more than the App Store given that Apple is extremely strict, but that doesn’t mean the App Store is impervious to malware—it definitely happens, and we’ve covered it before. In fact, researchers just found a batch of apps containing malicious programs on both Apple’s and Google’s platforms. And it’s the first time this specific type of malware was found on the iOS App Store.

Researchers at Kaspersky discovered apps on both Google’s Play Store and Apple’s App Store that contained malicious frameworks, specifically designed to steal crypto wallet recovery phrases—a series of words used to access cryptocurrency in digital wallets. Researchers call this malware “SparkCat,” and they believe it has been circulating since March 2024. If you downloaded one of these apps on either iOS or Android, the app would likely ask permission to access your photo library, then the malicious framework would launch an optical character recognition (OCR) plug-in to scan and identify text in your images. If the program found text that matched certain keywords, it would then send those images to a remote server. The idea here is to scan your library looking for screenshots that reveal the recovery phrases in your crypto wallet and send them back to the thieves, who could then use those phrases to break in and steal from accounts.

One of the first apps to arouse the suspicion of Kaspersky researchers was a Chinese food delivery app called ComeCome. It was still available on both iOS and Android when this article was first published on Feb. 5, and is the first known app infected with OCR malware to appear on Apple’s App Store, according to Kaspersky. Both companies have since removed it from their marketplaces. When the app was live, a negative review all the way from 2023 suggested ComeCome has been using malware to steal information, but it’s not clear the app has been using this specific OCR tactic the whole time.

Kaspersky discovered other apps with a similar malicious framework as well. It’s important to note researchers can’t say whether the malware was placed in these apps by a malicious actor or the app developers embedded it themselves. That said, it appears some apps were designed to attract users without offering legitimate services in return—such as multiple AI messaging services from the same developer. Specifically, that’s WeTink and AnyGPT. Again, these apps were still available when this article was first published, but as of Friday, Feb. 7, they are now unavailable.

First of all, if you have any of these affected apps installed on your iPhone or Android, delete them now. Even if the developers didn’t add the malicious framework intentionally (which can happen if a third party hijacks the app), they aren’t safe to keep on your device. Plus, just because Apple and Google have scrubbed these apps from their app stores, that doesn’t mean they’ll be removed from your device. You’ll need to take care of it yourself.

After that, take a moment to clean out your iPhone or Android’s images folder. If you have images containing recovery phrases for your crypto wallet, be sure to delete those, but also consider deleting images that contain any sensitive information in the first place. Other malware strains may take advantage of this OCR tactic to look for social security numbers or bank account information, for example, so it’s best to eliminate that risk altogether.

Finally, exercise caution when downloading new apps, even when doing so through official app stores.
Be sure to review all aspects of an app’s page before installing it, including the reviews, description, and screenshots. If anything seems off, it’s probably best to avoid downloading it. And avoid generic AI apps like the plague. Developers know there’s a high demand for AI apps, which means malicious users can slyly add malware to apps in the hope that an AI fan downloads their latest scheme. Don’t fall for it.

This article was originally published on Feb. 5, 2025 and was updated on Friday, Feb. 7, to reflect that Apple and Google have both removed the named malicious apps from their app stores.

Jake Peterson is Lifehacker’s Senior Technology Editor. He has a BFA in Film & TV from NYU, where he specialized in writing. Jake has been helping people with their technology professionally since 2016, beginning as technical specialist at New York’s 5th Avenue Apple Store, then as a writer for the website Gadget Hacks. In that time, he wrote and edited thousands of news and how-to articles about iPhones and Androids, including reporting on live demos from product launches from Samsung and Google. In 2021, he moved to Lifehacker and covers everything from the best uses of AI in your daily life to which MacBook to buy. His team covers all things tech, including smartphones, computers, game consoles, and subscriptions. He lives in Connecticut.

Source: https://lifehacker.com/tech/sparkcat-malware-app-store
