Apple’s App Store pulls apps with hidden screen reading malware
Kaspersky revealed details about the new “SparkCat” malware affecting a handful of iOS apps on Wednesday, leading to Apple promptly removing the compromised apps from the App Store following the report.
Some of the apps that had hidden malware included ComeCome, WeTink, and AnyGPT. 11 apps were removed in total, but when removing the apps, Apple found another 89 with the same code that had been previously rejected or removed from the App Store for violating Apple’s fraud policies. When an app is removed for fraud, Apple terminates the associated developer account.
As outlined by Kaspersky, the apps used a malicious framework with OCR capabilities designed to suss out sensitive information in images and screenshots stored on iPhones. Recovery phrases for crypto wallets were a specific target, with attackers aiming to steal bitcoin and other cryptocurrency, but the malware could target other phrases like passwords.
Apple’s default settings prevent apps from accessing a user’s photos without explicit permission. If granted access to the Photo Library, these apps could scan images for specific phrases set by the attackers. Any image containing a targeted phrase would then be uploaded to a remote server. Kaspersky’s investigation suggests this malware primarily targeted iOS users in Europe and Asia.
MacDailyNews Note: To control access to your photos on iPhone and iPad:
Go to Settings > Privacy & Security.
Tap Photos.
A list appears showing the apps that requested access. You can turn access on or off or select Limited Access for any app on the list.
To control access to your photos on Mac:
Choose Apple menu > System Settings, then click Privacy & Security in the sidebar. (You may need to scroll down.)
Click Photos.
Turn access to your photos on or off for each app in the list.
For some apps, you can click Options to give full access to all your photos, access to only photos you select, or only the ability to add photos.
Please help support MacDailyNews — and enjoy subscriber-only articles, comments, chat, and more — by subscribing to our Substack: macdailynews.substack.com. Thank you!
Support MacDailyNews at no extra cost to you by using this link to shop at Amazon.
The post Apple’s App Store pulls apps with hidden screen reading malware appeared first on MacDailyNews.
