iPhone apps found in the App Store with malware that uses screenshots to read important data


06.02.2025 03:27:41
Kaspersky researchers have discovered malware in Apple's App Store for the first time. The "SparkCat" malware uses OCR technology to read screenshots on iPhones and search them for crypto wallet recovery phrases. The malware was found in various apps that mainly target users in Asia and Europe. It is unclear whether the infection was caused by a supply chain attack or by deliberate action on the part of the developers. Some of the affected apps are still available in the App Store.

One of the promises of the App Store is that everything you download has been vetted by Apple. However, occasionally iPhone apps with malicious code slip through the cracks, and today researchers from Kaspersky have reported on new malware they've discovered in App Store apps – according to them, this is “the first known case”.

Malicious code found in both iOS and Android apps with similar tactics

Dmitry Kalinin and Sergey Puzan published their research for Kaspersky today; it covers OCR malware that reads screenshots, found in both Android and iPhone apps.

On the iPhone side, the two researchers identified a number of apps in the App Store that use OCR to search a user's photo library for recovery phrases for crypto wallets. “This is the first known case where an app infected with OCR spyware has been found in Apple's official app marketplace.”

They explain how it works:

The Android malware module would decrypt and launch an OCR plug-in created with Google's ML Kit library, using it to recognize text it found in images within the gallery. Images that matched keywords received from the C2 were sent to the server. The iOS-specific malicious module had a similar construction and also used Google's ML Kit library for OCR.

In their full briefing, various apps are mentioned, but they seem to primarily target users in Asia and Europe.

Some apps appeared to run the malicious code without their developers being aware of it, while others were suspected of being potentially malicious themselves.

We discovered a number of apps in the App Store that are embedded with a malicious framework. We cannot definitively confirm whether the infection was the result of a supply chain attack or a deliberate act by the developers. Some of the apps, such as food delivery services, seemed legitimate, while others apparently aimed to lure victims. For example, we've seen several similar AI-powered "Messaging Apps" from the same developer.

As The Verge notes, several of the affected apps are still available for download in the App Store today, including the delivery app ComeCome and the AI chat apps AnyGPT and WeTink.

To learn more about this iPhone malware threat, which Kaspersky has dubbed "SparkCat," you can read their full report here.
