iPhone Apps in App Store Discovered to Contain Malware That Accesses Your Screenshots for Sensitive Information


One of the key assurances of the App Store is that every download has been reviewed by Apple before it is published. Even so, iPhone apps carrying malicious code occasionally slip through that review. Kaspersky researchers have now announced the discovery of new malware inside App Store apps, which they describe as ‘the first documented case.’

Malware identified in both iOS and Android apps using similar methods

Kaspersky researchers Dmitry Kalinin and Sergey Puzan presented their findings on OCR malware detected in both Android and iPhone apps.

On the iPhone front, the researchers found several App Store apps that used OCR (optical character recognition) to sift through a user’s photo library in search of recovery phrases for cryptocurrency wallets. A recovery phrase is all an attacker needs to restore a wallet on their own device and drain it, which is why a screenshot of one is such a high-value target. “This marks the first recorded instance of an application infected with OCR spyware appearing in Apple’s official app store.”

They detailed the operational process:

The malware module for Android would decrypt and initiate an OCR plug-in constructed with Google’s ML Kit library, utilizing it to detect text within images from the gallery. Images that matched specific keywords received from the command-and-control (C2) server were transmitted back. The malicious module tailored for iOS featured a comparable design and similarly depended on Google’s ML Kit library for OCR functionalities.
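The description above points to a capability pair that is worth checking for when triaging an iOS app bundle: permission to read the photo library (declared in Info.plist) together with a bundled ML Kit text-recognition framework. The script below is an added example, not Kaspersky’s tooling or any code from the affected apps; it builds a minimal IPA-shaped zip in memory as constructed sample data and then inspects it. The framework-name pattern (`MLKit…TextRecognition`) is an assumption about how ML Kit’s OCR component is named when bundled; other OCR libraries would need their own pattern.

```python
"""Static triage of an IPA for the SparkCat-style capability pair:
photo-library read access plus a bundled ML Kit OCR framework.
Added example; the sample IPA is constructed here, not a real app."""
import io
import plistlib
import re
import zipfile

# Assumption: ML Kit's iOS OCR ships as a framework whose name contains
# "MLKit" and "TextRecognition". Adjust for other OCR libraries.
OCR_FRAMEWORK_RE = re.compile(r"MLKit.*TextRecognition", re.IGNORECASE)
# iOS requires this key before an app may read the photo library at all.
PHOTO_READ_KEY = "NSPhotoLibraryUsageDescription"
MACHO_MAGIC = b"\xcf\xfa\xed\xfe"  # placeholder bytes standing in for a binary


def build_sample_ipa(photo_usage, frameworks):
    """Construct a minimal IPA (zip with Payload/<app>.app/) in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        info = {"CFBundleIdentifier": "com.example.sample",
                "CFBundleExecutable": "Sample"}
        if photo_usage is not None:
            info[PHOTO_READ_KEY] = photo_usage
        z.writestr("Payload/Sample.app/Info.plist", plistlib.dumps(info))
        z.writestr("Payload/Sample.app/Sample", MACHO_MAGIC)
        for fw in frameworks:
            stem = fw.removesuffix(".framework")
            z.writestr(f"Payload/Sample.app/Frameworks/{fw}/{stem}", MACHO_MAGIC)
    return buf.getvalue()


def triage_ipa(ipa_bytes):
    """Return the capability facts a reviewer would want before looking deeper."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as z:
        names = z.namelist()
        plist_path = next(
            (n for n in names if re.fullmatch(r"Payload/[^/]+\.app/Info\.plist", n)),
            None)
        if plist_path is None:
            raise ValueError("no app Info.plist found under Payload/")
        info = plistlib.loads(z.read(plist_path))
        # Each bundled framework appears as Payload/<app>.app/Frameworks/<name>/...
        frameworks = sorted({
            n.split("/Frameworks/", 1)[1].split("/", 1)[0]
            for n in names if "/Frameworks/" in n
        })
    photo_access = PHOTO_READ_KEY in info
    ocr_frameworks = [f for f in frameworks if OCR_FRAMEWORK_RE.search(f)]
    return {
        "bundle_id": info.get("CFBundleIdentifier"),
        "photo_library_access": photo_access,
        "ocr_frameworks": ocr_frameworks,
        # Both present: worth a manual look at what the OCR output is used for.
        "review_for_ocr_harvesting": photo_access and bool(ocr_frameworks),
    }


if __name__ == "__main__":
    suspicious = build_sample_ipa(
        "Attach photos to your order",
        ["MLKitTextRecognition.framework", "Alamofire.framework"])
    benign = build_sample_ipa(None, ["Alamofire.framework"])
    for label, ipa in (("suspicious", suspicious), ("benign", benign)):
        print(label, triage_ipa(ipa))
```

The flag is a triage signal, not a verdict: document scanners and receipt apps legitimately combine photo access with OCR, so a hit means reading the code paths that consume the OCR output and the network calls that follow. Conversely, a clean result does not clear an app; an OCR module could rely on Apple’s Vision framework, which is part of the OS and never appears under Frameworks/.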

A variety of apps are referenced throughout their full report, predominantly targeting users in Asia and Europe.

Some apps appeared to run the malicious code without their developers being aware of it, while others were suspected of intentional wrongdoing.

We uncovered numerous applications embedded with a harmful framework in the App Store. We cannot definitively ascertain whether the infection stemmed from a supply chain compromise or was a deliberate act by the developers. Several applications, like food delivery services, seemed credible, while others seemed engineered to ensnare victims. For instance, we observed multiple similar AI-driven “messaging apps” from a single developer.

As noted by The Verge, several of the affected apps, including the food delivery app ComeCome and the AI chat apps AnyGPT and WeTink, remained available for download on the App Store at the time of writing.

For more on this iPhone malware, which Kaspersky has dubbed ‘SparkCat,’ see their full report here.
