Date: 2025-02-05
iPhone users should delete these stealer apps that made it to App Store for the first time

Bursting the bubble that iPhones are safer than Android phones, apps with hidden image scanning capabilities have been found on the iOS App Store.

While no operating system is impervious to threats, it's more common for apps with nefarious software to make it to Google's Play Store. Kaspersky discovered a malware campaign dubbed SparkCat that distributes apps containing malware. The malware steals images from phone galleries in hopes of finding recovery phrases that give access to cryptocurrency wallets, so the attackers can steal funds.

The campaign targets both Android and iPhone users through both official and unofficial channels. The infected apps were downloaded more than 242,000 times from Google Play by Android users. 

While it's not known how many iPhone users fell victim to them, the fact that the apps made it to the App Store is notable as stealer apps had never before been found on Apple's app marketplace.


The malware used an OCR plug-in made with Google's ML Kit library to read text from images. Images that contain relevant keywords are sent back to the cybercriminals behind the malware. While the malware looks for crypto wallet recovery phrases, it can also recognise other sensitive information in images, such as messages or passwords captured in screenshots.


Some of the infected apps that were identified by Kaspersky include the food delivery app ComeCome, ChatAi, and messaging apps WeTink and AnyGPT. Some of the apps remain available on Google Play and the App Store.

The malware has been active since March 2024. The impacted apps were hard to identify as they didn't necessarily behave in a fishy manner, and using them for the intended functionality was enough to trigger the malware without requiring excessive permissions.

Kaspersky isn't sure whether developers are to blame for the infection or if it "was a result of a supply chain attack." This means that while some apps were deliberately created to lure victims, others were legitimate apps.

The campaign appears to primarily target Android and iPhone users in Europe and Asia.

If you have any of the above-mentioned apps on your phone, be sure to delete them. To keep yourself safe from malware like this, avoid saving screenshots with sensitive data in your phone gallery.
Anam Hamid
