Latest news with #SparkCat
Yahoo, 07-02-2025
Rare Screenshot-Grabbing Malware Found on Apple App Store
In what appears to be a first, a strain of malware that can secretly steal screenshots from smartphones has infiltrated the Apple App Store. The so-called 'SparkCat' malware was discovered late last year secretly embedded in an iOS app called 'ComeCome-Chinese Food Delivery,' according to antivirus provider Kaspersky.

SparkCat works by secretly deploying a character-recognition tool, enabling it to read text from stored images and seek out select keywords. If the desired words are found, the malware will then send the image to a hacker-controlled server. 'The [search] terms all indicated that the attackers were financially motivated, specifically targeting recovery phrases also known as 'mnemonics' that can be used to regain access to cryptocurrency wallets,' Kaspersky concluded.

The antivirus provider's investigation also found that the malware will seek keywords in languages including Chinese, Japanese, Korean, English, Czech, French, Italian, Polish, and Portuguese. This suggests the attack was devised to prey on users in Europe and Asia. 'It must be noted that the malware is flexible enough to steal not just these phrases but also other sensitive data from the gallery, such as messages or passwords that might have been captured in screenshots,' Kaspersky said.

The malicious code was also found in a few other iOS apps, such as "AnyGPT" and "WeTink." The findings prompted Apple to remove a total of 11 iOS apps from its official store. Apple also told PCMag that the 11 apps shared computer code with 89 other iOS apps, which have also been removed or rejected. In addition, the developer accounts behind the apps have been terminated.

Despite the malicious threat, Apple also noted that starting in iOS 14, the PhotoKit API lets users select only specific photos or videos to share with an app, rather than providing full access to the entire library. The company added that it has no tolerance for malicious activity and designed its app store to be safe and private for users.

Kaspersky uncovered the iOS malware after spotting the malicious code operating through a variety of infected apps on the Google Play Store. Those apps were downloaded more than 242,000 times via Google Play and also circulated through unofficial app stores. "Analyzing Android versions of the malware, Kaspersky experts found comments in the code written in Chinese," it said. "Additionally, the iOS version contained developer home directory names, 'qiongwu' and 'quiwengjing,'" suggesting that the threat actors are fluent in Chinese.

Google didn't immediately respond to a request for comment. But Kaspersky says it has notified Google about the malware, too. It's unclear how so many apps became infected with the malware. Some of the infected apps appear to be legitimate food delivery services while others seem to be fake programs meant to bait users. In the meantime, Kaspersky says: 'This case once again shatters the myth that iOS is somehow impervious to threats posed by malicious apps targeting Android.'

This story has been updated with comment from Apple.
Yahoo, 06-02-2025
Kaspersky: malware that scans screenshots to recognise private text has infiltrated the App Store and Google Play
Kaspersky recently discovered several malicious apps in the Apple App Store and Google Play that scan screenshots to recognise private text. According to researchers Dmitry Kalinin and Sergey Puzan, this attack, named "SparkCat", has shown signs of activity since March 2024. The affected apps request some seemingly harmless permissions, then use OCR (optical character recognition) technology to scan the user's photo library for sensitive information such as crypto wallet recovery phrases.

In its report, Kaspersky mentioned the food delivery app ComeCome, the AI chat tool AnyGPT, WeTink and other apps; by its count the malware has been downloaded more than 242,000 times from the Play Store alone. "This is the first time OCR-based malware has appeared in Apple's official app store," Kaspersky wrote. "We cannot determine whether this is the result of a supply chain attack or a deliberate act by the developers; some of the apps (such as food delivery services) look legitimate, while others are clearly designed to lure victims."
Yahoo, 06-02-2025
Screenshot-reading malware cracks iPhone security for the first time
In the realm of smartphones, Apple's ecosystem is deemed to be the safer one. Independent analysis by security experts has also proved that point repeatedly over the years. But Apple's guardrails are not impenetrable. On the contrary, it seems bad actors have managed yet another worrying breakthrough. As per an analysis by Kaspersky, malware with Optical Character Recognition (OCR) capabilities has been spotted on the App Store for the first time. Instead of stealing files stored on a phone, the malware scanned screenshots stored locally, analyzed the text content, and relayed the necessary information to servers.

The malware-seeding operation, codenamed 'SparkCat,' targeted apps seeded from official repositories — Google's Play Store and Apple's App Store — and third-party sources. The infected apps amassed roughly a quarter million downloads across both platforms. Interestingly, the malware piggybacked atop Google's ML Kit library, a toolkit that lets developers deploy machine learning capabilities for quick and offline data processing in apps. This ML Kit system is what ultimately allowed the Google OCR model to scan photos stored on an iPhone and recognize the text containing sensitive information.

But it seems the malware was not just capable of stealing crypto-related recovery codes. 'It must be noted that the malware is flexible enough to steal not just these phrases but also other sensitive data from the gallery, such as messages or passwords that might have been captured in screenshots,' says Kaspersky's report. Among the targeted iPhone apps was ComeCome, which appears to be a Chinese food delivery app on the surface, but came loaded with screenshot-reading malware. 'This is the first known case of an app infected with OCR spyware being found in Apple's official app marketplace,' notes Kaspersky's analysis. It is, however, unclear whether the developers of these problematic apps were engaged in embedding the malware, or if it was a supply chain attack.
Irrespective of the origin, the whole pipeline was quite inconspicuous as the apps seemed legitimate and catered to tasks such as messaging, AI learning, or food delivery. Notably, the cross-platform malware was also capable of obfuscating its presence, which made it harder to detect. The primary objective of this campaign was extracting crypto wallet recovery phrases, which can allow a bad actor to take over a person's crypto wallet and get away with their assets. The target zones appear to be Europe and Asia, but some of the hotlisted apps appear to be operating in Africa and other regions, as well.