Skip to main content
  1. Home
  2. Phones
  3. Mobile
  4. News

Screenshot-reading malware cracks iPhone security for the first time

Add as a preferred source on Google
A person holding an iPhone in their hand.
Bagus Hernawan / Unsplash

In the realm of smartphones, Apple’s ecosystem is deemed to be the safer one. Independent analysis by security experts has also proved that point repeatedly over the years. But Apple’s guardrails are not impenetrable. On the contrary, it seems bad actors have managed yet another worrying breakthrough.

As per an analysis by Kaspersky, malware with Optical Character Recognition (OCR) capabilities has been spotted on the App Store for the first time. Instead of stealing files stored on a phone, the malware scanned screenshots stored locally, analyzed the text content, and relayed the necessary information to servers.

Recommended Videos

The malware-seeding operation, codenamed “SparkCat,” targeted apps seeded from official repositories — Google’s Play Store and Apple’s App Store — and third-party sources. The infected apps amassed roughly a quarter million downloads across both platforms.

An app listed on the App Store infected by malware.
Kaspersky

Interestingly, the malware piggybacked atop Google’s ML Kit library, a toolkit that lets developers deploy machine learning capabilities for quick and offline data processing in apps. This ML Kit system is what ultimately allowed the Google OCR model to scan photos stored on an iPhone and recognize the text containing sensitive information.

But it seems the malware was not just capable of stealing crypto-related recovery codes. “It must be noted that the malware is flexible enough to steal not just these phrases but also other sensitive data from the gallery, such as messages or passwords that might have been captured in screenshots,” says Kaspersky’s report.

Among the targeted iPhone apps was ComeCome, which appears to be a Chinese food delivery app on the surface, but came loaded with a screenshot-reading malware. “This is the first known case of an app infected with OCR spyware being found in Apple’s official app marketplace,” notes Kaspersky’s analysis.

One of the iPhone apps infected by OCR malware.
Kaspersky

It is, however, unclear whether the developers of these problematic apps were engaged in embedding the malware, or if it was a supply chain attack. Irrespective of the origin, the whole pipeline was quite inconspicuous as the apps seemed legitimate and catered to tasks such as messaging, AI learning, or food delivery. Notably, the cross-platform malware was also capable of obfuscating its presence, which made it harder to detect.

The primary objective of this campaign was extracting crypto wallet recovery phrases, which can allow a bad actor to take over a person’s crypto wallet and get away with their assets. The target zones appear to be Europe and Asia, but some of the hotlisted apps appear to be operating in Africa and other regions, as well.

Nadeem Sarwar
Nadeem is the Managing Editor at Digital Trends.
Android 17 makes it harder for bad actors to guess and crack the PIN on your phone
Thieves only get 20 shots before the door slams shut
Electronics, Mobile Phone, Phone

Google is planning on making Android 17 even more secure. The company had previously confirmed that Android 17 will now reduce the number of times someone can guess your PIN or password and add longer wait times between failed attempts.

Now, thanks to a deeper breakdown from Mishaal Rahman, we have a better idea of how aggressive that change really is.

Read more
Acti just turned your smartphone keyboard into an AI assistant
One keyboard that types your words and does your errands. This might be the upgrade your thumbs have been waiting for.
Acti keyboard open on iPhone

Your smartphone’s keyboard is the thing you interact with the most, and yet, it has largely remained the same since it was introduced two decades ago. Yes, it has become better at understanding our typing habits and predicting text, but its function has largely remained unchanged. 

A Singapore startup called Acti looked at the keyboard and the large space it occupies on your smartphone and asked a fair question. Why not make it actually do things? After seeing its keyboard in action, I think the idea has legs.

Read more
Finding photos is so much easier with Siri AI in iOS 27 that I no longer scroll
Natural language photo search in iOS 27 is the kind of feature that quietly becomes essential.
Electronics, Phone, Mobile Phone

My camera roll has crossed 8,000 photos, and it got there by capturing random moments (only to forget them later). The problem, however, starts when someone asks me to share something specific. It could be their portrait from last weekend or the food pictures they snapped using my phone.

Finding those pictures usually means scrolling through my seemingly endless camera roll. If the photo is a month or two old, I end up scrolling past hundreds of other images to find it, and that gets old fast.

Read more