Apple’s App Store, long regarded as a bastion of mobile security, has been found hosting a new kind of malware. Cybersecurity researchers at Kaspersky have uncovered a campaign dubbed "SparkCat" whose apps passed App Store review with malicious code embedded in them. According to Kaspersky, this is the first documented instance of screenshot-reading, OCR-based malware making its way onto Apple’s tightly controlled platform.

The malware, also found in apps on Google's Play Store, works by reading the user's photo library. It relies on a permission the user grants rather than on a software vulnerability: once installed, the infected apps, some disguised as innocuous food delivery or AI chat services, request access to photos. If the request is granted, the malware uses an optical character recognition (OCR) plug-in, built on Google’s ML Kit library, to extract text from every image. It specifically targets screenshots containing cryptocurrency wallet recovery phrases, but can also pick out other sensitive information such as passwords or messages.

When the extracted text matches the keywords it is looking for, the malware uploads the corresponding images to servers controlled by the attackers. A recovery phrase is all that is needed to restore a wallet on another device, so a stolen screenshot gives the attackers full control of the victim's funds. Kaspersky estimates that the SparkCat campaign has been active since March 2024, with the infected apps on Google Play racking up over 242,000 downloads. The number of affected iPhone users is still unknown, but the discovery is significant because of the App Store's reputation for security.
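The triage step the two paragraphs above describe (OCR text in, a decision on whether the image is worth exfiltrating out) is illustrated below as an added Python example. It is not Kaspersky's analysis or the malware's own code: the keyword list, the 3-to-8-letter "wordlike" heuristic standing in for the full 2048-word BIP39 English wordlist, and the four sample OCR strings are all constructed assumptions. Run against one's own photo library, the same filter is a quick way to find the screenshots the closing advice says should not exist.

```python
import re

# Standard BIP39 mnemonics are 12 to 24 words long; 12 is the shortest form.
MIN_MNEMONIC_WORDS = 12

# English BIP39 words are 3 to 8 lowercase letters. This regex is a cheap
# stand-in for the real 2048-word list (assumption: English wordlist).
WORDLIKE = re.compile(r"^[a-z]{3,8}$")

# Illustrative keyword list. The article says the malware keyed on wallet
# recovery phrases, passwords and messages; the exact strings are assumed.
KEYWORDS = (
    "recovery phrase", "seed phrase", "secret phrase", "backup phrase",
    "mnemonic", "private key", "password",
)

# Constructed OCR output for four hypothetical screenshots (not real data).
SAMPLE_OCR = {
    "wallet_backup": (
        "Your Secret Recovery Phrase\n"
        "1. abandon 2. ability 3. able 4. about 5. above 6. absent\n"
        "7. absorb 8. abstract 9. absurd 10. abuse 11. access 12. accident\n"
        "Never share this with anyone"
    ),
    "food_order": "ComeCome order #4521\nMargherita pizza x2 $18.00\nDelivery to 14 Main St",
    "chat": "hey what's the wifi password again",
    # A false positive for the length-only heuristic: 15 short lowercase words
    # in a row. Checking each word against the real wordlist would reject it.
    "plain_prose": "the quick brown fox jumps over the lazy dog and then runs back home again to sleep",
}


def longest_wordlike_run(text: str) -> int:
    """Longest run of consecutive tokens that could be BIP39 words.

    Bare numbers (the "1." "2." labels wallets print beside each word) are
    skipped without breaking the run; any other non-wordlike token ends it.
    """
    best = current = 0
    for raw in text.lower().split():
        tok = raw.strip(".,;:()[]#$\"'")
        if not tok or tok.isdigit():
            continue
        if WORDLIKE.match(tok):
            current += 1
            best = max(best, current)
        else:
            current = 0
    return best


def matched_keywords(text: str) -> list[str]:
    """Keywords present in the OCR text, case-insensitive, in KEYWORDS order."""
    lowered = text.lower()
    return [k for k in KEYWORDS if k in lowered]


def classify(text: str) -> str:
    """Triage one screenshot's OCR text.

    Returns "seed_phrase" when a mnemonic-length run of wordlike tokens is
    present, "keyword" when only a sensitive keyword matched, else "ignore".
    """
    if longest_wordlike_run(text) >= MIN_MNEMONIC_WORDS:
        return "seed_phrase"
    if matched_keywords(text):
        return "keyword"
    return "ignore"


def triage(samples: dict[str, str]) -> dict[str, str]:
    """Label every sample. An exfiltration filter would upload only the
    images whose label is not "ignore"; the rest never leave the device."""
    return {name: classify(text) for name, text in samples.items()}


if __name__ == "__main__":
    for name, label in triage(SAMPLE_OCR).items():
        print(f"{name:14s} -> {label}")
```

The length-only pre-filter is deliberately loose, which is why the plain prose sample is flagged; it shows why a real filter (whether the attacker's or a defender's) checks candidate words against the actual wordlist and the mnemonic checksum before acting on a hit. The point the article makes stands either way: once text has been recognised on-device, selecting the handful of images worth stealing is trivial.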

Among the identified infected apps are a food delivery app named ComeCome and AI chat applications such as ChatAi, WeTink, and AnyGPT. Disturbingly, some of these apps remained available on both the App Store and Google Play at the time of reporting. Kaspersky notes that it is unclear whether the developers knowingly embedded the malicious component or were themselves victims of a supply chain compromise in a third-party SDK.

Kaspersky advises users to delete any of the named apps from their iPhones and Android devices immediately. Deleting the app does not undo what has already been uploaded, however: anyone who had a recovery phrase stored as a screenshot on an affected device should treat that wallet as compromised and move its funds to a wallet with a freshly generated phrase. To reduce future risk, Kaspersky strongly recommends never storing sensitive data, especially cryptocurrency recovery phrases, as screenshots, and it is also worth reviewing which apps hold photo library access and revoking it where an app has no obvious need for it. The incident is a stark reminder that even official app stores are not immune to malware, and that users should exercise caution when installing new applications, regardless of the platform.