iOS App Store Apps Infected with Screenshot-Reading Malware, Stealing Cryptocurrency

Jordan Vega

February 05, 2025 · 3 min read
In a disturbing discovery, cybersecurity firm Kaspersky has found that multiple iOS apps on the App Store have been infected with a type of malware that uses screenshot-reading technology to steal cryptocurrency. This marks the first known case of such malware making its way into Apple's App Store.

The malware, dubbed "SparkCat," was discovered by Kaspersky in late 2024, with the frameworks for the campaign created as early as March 2024. The malware works by triggering a request to access users' photo galleries when they attempt to use chat support within the infected app. Once permission is granted, it uses Google OCR (Optical Character Recognition) technology to decipher text found in photos, looking for things like screenshots of crypto wallet passwords or recovery phrases.

The malware then sends any such images it finds back to the attackers, who can use the information to access the wallets and steal cryptocurrency. Kaspersky has identified two AI chat apps, WeTink and AnyGPT, that seem to have been created specifically for this campaign and are still available on the App Store. Additionally, the malicious code was found in a legitimate-seeming food delivery app called ComeCome, which is also still available for download.

It is unclear whether the infection was a result of a supply chain attack or deliberate action by the developers. Kaspersky has not been able to confirm the exact origin of the malware. Neither Apple nor Google has responded to requests for comment on the matter.

This discovery raises concerns about the security of apps on both the App Store and Google Play Store. While Apple is known for its strict app review process, this incident shows that even the most rigorous security measures can be breached. It also highlights the importance of users being cautious when granting permissions to apps and regularly reviewing the apps they have installed.

The implications of this malware are far-reaching, as it could potentially be used to steal sensitive information from users. As the use of cryptocurrency continues to grow, it is essential that users take steps to protect themselves from such threats. This includes using strong passwords, enabling two-factor authentication, and being vigilant when using apps that request access to sensitive information.

In the wake of this discovery, it is likely that Apple and Google will take steps to increase security measures and prevent similar incidents in the future. However, it is also up to users to take responsibility for their own security and be aware of the potential risks associated with using certain apps.

As the tech industry continues to evolve, it is essential that security remains a top priority. This incident serves as a reminder of the importance of staying vigilant and taking proactive steps to protect against potential threats.

Copyright © 2024 Starfolk. All rights reserved.