Screenshot-reading malware cracks iPhone security for the first time
In the realm of smartphones, Apple's ecosystem is deemed to be the safer one. Independent analysis by security experts has also proved that point repeatedly over the years. But Apple's guardrails are not impenetrable. On the contrary, it seems bad actors have managed yet another worrying breakthrough.
As per an analysis by Kaspersky, malware with Optical Character Recognition (OCR) capabilities has been spotted on the App Store for the first time. Instead of stealing files stored on a phone, the malware scanned screenshots stored locally, analyzed the text content, and relayed the necessary information to servers.
The malware-seeding operation, codenamed 'SparkCat,' targeted apps seeded from official repositories — Google's Play Store and Apple's App Store — and third-party sources. The infected apps amassed roughly a quarter million downloads across both platforms.
Interestingly, the malware piggybacked atop Google's ML Kit library, a toolkit that lets developers deploy machine learning capabilities for quick and offline data processing in apps. This ML Kit system is what ultimately allowed the Google OCR model to scan photos stored on an iPhone and recognize the text containing sensitive information.
But it seems the malware was not just capable of stealing crypto-related recovery codes. 'It must be noted that the malware is flexible enough to steal not just these phrases but also other sensitive data from the gallery, such as messages or passwords that might have been captured in screenshots,' says Kaspersky's report.
Among the targeted iPhone apps was ComeCome, which appears to be a Chinese food delivery app on the surface, but came loaded with a screenshot-reading malware. 'This is the first known case of an app infected with OCR spyware being found in Apple's official app marketplace,' notes Kaspersky's analysis.
It is, however, unclear whether the developers of these problematic apps were engaged in embedding the malware, or if it was a supply chain attack. Irrespective of the origin, the whole pipeline was quite inconspicuous as the apps seemed legitimate and catered to tasks such as messaging, AI learning, or food delivery. Notably, the cross-platform malware was also capable of obfuscating its presence, which made it harder to detect.
The primary objective of this campaign was extracting crypto wallet recovery phrases, which can allow a bad actor to take over a person's crypto wallet and get away with their assets. The target zones appear to be Europe and Asia, but some of the hotlisted apps appear to be operating in Africa and other regions, as well.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Engadget
27 minutes ago
- Engadget
Engadget Podcast: Who needs an AI web browser?
This week we're fielding your burning tech questions, as well as diving into a bunch of AI web browser news. Opera has started testing its fully agentic AI browser, the Browser Company is dumping the Arc browser in favor of something AI related and Mozilla is getting in a bit of hot water with experimental AI preview summaries. Try as we might, we just can't escape AI. This embedded content is not available in your region. iTunes Spotify Pocket Casts Stitcher Google Podcasts Listener Mailbag: How to set up an Xbox account for your kids, will screens be obsolete, and more – 1:34 Web browsers go AI 'agentic': The Browser Company leaves Arc behind. Opera and Firefox debut new features – 25:37 xAI is paying Telegram $300m this year to use Grok – 54:04 Apple's self repair program extends to iPads – 56:30 Apple might switch its OS numbering next year, iOS26 could be on the way – 58:57 Working on – 1:02:41 Pop culture picks – 1:09:26 Hosts: Devindra Hardawar and Ben Ellman Producer: Ben Ellman Music: Dale North and Terrence O'Brien If you buy something through a link in this article, we may earn commission.
Yahoo
27 minutes ago
- Yahoo
Hapbee Launches Redesigned Mobile App with AI-Powered Discovery Engine, Expanded Vibe Library and Real-Time In-App Support to Enhance Personalization, Usability, and User Engagement
Company Also Updates Status of Audited Financial Statements VANCOUVER, British Columbia, May 30, 2025 (GLOBE NEWSWIRE) -- Hapbee Technologies, Inc. (TSXV: HAPB | OTCQB: HAPBF), the digital wellness company specializing in non-chemical, frequency-based wearable technology, today announced the launch of its newly redesigned mobile app. The update features an AI-powered discovery engine, 13 new Vibes, and now also includes real-time, in-app customer support. These updates are part of Hapbee's broader strategy to improve usability, personalization, and ongoing customer engagement. The upgraded platform is available for both Apple and Android devices and includes a modern user interface, simplified navigation, and smart tools to help users identify and select Vibes aligned with their wellness goals—whether that's sleep, stress relief, focus, or energy. 'Our goal is to deliver a best-in-class user experience, and that means offering real-time support, personalization, and ease of use,' said Yona Shtern, CEO of Hapbee. 'These new features were developed based on feedback from our community and are designed to allow users to get more from their Hapbee experience—whether they're exploring new Vibes or getting immediate help when they need it.' Key Enhancements in the New Hapbee App: Refreshed Design: A simplified, responsive layout intended to improve accessibility and usability Visual Experience Selection: Users can select from mood-based images to access curated Vibes Intelligent Search: Allows for quicker discovery of Vibes by keyword or wellness category Hapbee Assistant: An AI-powered, personalized guidance feature offering Vibe suggestions and tips Community Hub: Centralized access to updates, educational content, and customer support Improved Device Connectivity: Smoother integration and control of Hapbee wearables Real-Time In-App Support: Built-in customer support functionality to report issues and get help instantly Newly Released Vibes Targeting Specific Use Cases: Coffee Break – For alertness without caffeine Workout Zone – For physical energy and motivation Auto Pilot – For focus during extended tasks, driving or work shifts Smoke Break – To help manage cigarette cravings Vape Break – To support reduction of nicotine dependency Migraine Relief – To assist with discomfort management Genius Mode – For concentration and cognitive support Rizz Mode – For confidence and social ease Sober State – For clarity and self-control Digital Detox – For reduced screen fatigue Winter's Nap – For relaxation and rest Family Time – For present, engaged interactions Oh Joy – For general mood support In-App Support and Community Engagement Customers can now report bugs, request help, and share feedback directly within the app — reducing response times and improving overall user satisfaction. Every support request automatically includes detailed technical logs and user context, enabling faster, more accurate troubleshooting. User feedback is collected and prioritized to directly shape future app updates and features. The in-app experience also connects users to the broader Hapbee community, offering access to health news, educational content, and feature announcements. Current users will see the update applied automatically. New customers can download the app directly and begin exploring the enhanced experience immediately. The redesigned Hapbee app is now available on: Apple App Store: Google Play Store: Hapbee Updates Status of Audited Financial Statements The Company also announced that the filing of its annual audited financial statements and MD&A for the year ended December 31, 2024 (the 'Financial Statements'), required pursuant to Parts 4 and 5 of National Instrument 51-102 Continuous Disclosure Obligations, remains delayed. For a detailed explanation of the reasons for the delay, please see the Company's news releases dated April 18 and May 15, 2025. The Company continues to work with its Auditor to finalize the Financial Statements, which are expected to be completed and filed on or before June 30, 2025. The Auditor has received all requested information. They have communicated with suppliers, bankers and are concluding their final stress test processes. A Management Cease Trade Order ('MCTO') under National Policy 12-203 Management Cease Trade Orders ('NP 12-203') was issued by the British Columbia Securities Commission, as principal regulator for the Company, on May 1st, 2025. The MCTO restricts all trading by the Company's CEO and CFO in securities of the Company, whether direct or indirect. The issuance of the MCTO will not affect the ability of persons who are not directors, officers or insiders of the Company to trade their securities. The MCTO will remain in effect until two business days after the Financial Statements, along with the Chief Executive Officer ('CEO') and Chief Financial Officer ('CFO') certifications (collectively, the 'Required Filings') are filed or until it is revoked or varied. The Company confirms that it intends to satisfy the provisions of the 'alternative information guidelines' described in NP 12-203 by issuing bi-weekly default status reports in the form of a news release for so long as it remains in default of the requirement to make the Required Filings. The Company has not taken any steps towards any insolvency proceeding, and the Company has no material information relating to its affairs that has not been generally disclosed. About Hapbee Hapbee is a wearable wellness technology company that helps people enhance how they feel. Powered by patented ultra-low radiofrequency energy (ulRFE®) technology, Hapbee's devices deliver signals designed to produce sensations such as happy, alert, focused, relaxed, and others. The company is committed to improving lives through safe, non-invasive wellness solutions. You can learn more about how Hapbee works at Forward-Looking Statements Certain statements included in this news release constitute forward-looking information or statements (collectively, "forward-looking statements"), including those identified by the expressions "anticipate", "believe", "plan", "estimate", "expect", "intend", "may", "should" and similar expressions to the extent they relate to the Company or its management. The forward-looking statements are not historical facts but reflect current expectations regarding future results or events. This news release contains forward-looking statements. These forward-looking statements are based on current expectations and various estimates, factors and assumptions and involve known and unknown risks, uncertainties, and other factors. Forward-looking statements are not guarantees of future performance and involve risks, uncertainties and assumptions which are difficult to predict. Such statements and information are based on numerous assumptions regarding the Company's ability to meet its planned product marketing and development initiatives and the Company's ability to achieve its e-commerce rollout and full-scale commercial launch as that could cause the actual results to differ materially from those in the forward-looking statements include, delays in design, production, manufacturing, development or releases of signal blends, collection of data from customer use, or the Company may not be able to achieve its targets as anticipated or at all; changes in legislation and regulations; increase in operating costs; equipment failures; failure of counterparties to perform their contractual obligations; litigation; the loss of key directors, employees, advisors or consultants and fees charged by service providers. Forward-looking statements contained in this news release are expressly qualified by this cautionary statement. These risks, uncertainties and assumptions could cause actual events or results to differ materially from those projected in any forward-looking statements. These statements should not be read as guarantees of future performance or results. Such statements involve known and unknown risks, uncertainties and other factors that may cause actual results, performance or achievements to be materially different from those implied by such statements. The Company assumes no responsibility to update or revise forward-looking information to reflect new events or circumstances unless required by law. Readers should not place undue reliance on the Company's forward-looking statements. Neither TSXV nor its Regulation Services Provider (as that term is defined in the policies of the TSXV) accepts responsibility for the adequacy or accuracy of this release. Renmark Financial Communications Filippone: bfilippone@ (416) 644-2020 or (514) in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
27 minutes ago
- Yahoo
Google fixes bug that led AI Overviews to say it's now 2024
AI tools are touted as capable helpers that can easily help you research, code, summarize, write and bring you knowledge of any kind. But sometimes simple questions befuddle them. Google's AI Overviews, for example, is confused what year it is. Several users reported over the past few days that when they asked Google what year it is, AI Overviews said the current year is 2024. This reporter got the same answer on Thursday morning when Google was asked if it's 2025 right now. Google finally fixed the bug late on Thursday. When asked why this happened, Google didn't provide a particular reason, only saying that it was working on an update to avoid such issues. "As with all Search features, we rigorously make improvements and use examples like this to update our systems. The vast majority of AI Overviews provide helpful, factual information, and we're actively working on an update to address this type of issue," a Google spokesperson said in a statement. Google has been working on AI Overviews for a few years now, and the feature has so far made some notable blunders -- to name just a couple, it has recommended users eat "one small rock per day," saying rocks are a good source of vitamins and minerals, and even suggested adding glue in order to help cheese stick to a pizza. When the company rolled out the feature in Hindi in India, TechCrunch found that its answers were often inconsistent and confusing. In recent weeks, Google CEO Sundar Pichai has touted usage numbers for AI Overviews, saying that the feature is now being used by 1.5 billion users in over 100 countries. He also added that in markets like the U.S. and India, the feature is driving over 10% usage of the search engine for related queries. The company is betting a lot on driving people to use its AI-powered search and Q&A features more. This article originally appeared on TechCrunch at Sign in to access your portfolio
