Apple has taken decisive action by removing 11 applications from its App Store after a report from cybersecurity company Kaspersky flagged these apps for being affected by a new malware strain known as “SparkCat.” This malicious software was found embedded in apps such as ComeCome, WeTink, and AnyGPT, and it was capable of scanning users’ photos to extract sensitive information utilizing OCR (Optical Character Recognition) technology.
The malware primarily aimed at seizing recovery phrases for cryptocurrency wallets in an effort to steal Bitcoin and other virtual currencies. Additionally, it could also be exploited to gather passwords and other private data from images and screenshots saved on iPhones.
In light of this threat, Apple quickly took steps to eliminate the flagged applications, but it also uncovered an additional 89 applications that contained the same malicious code. These other apps had either been previously rejected or removed from the App Store for violating Apple’s fraud policies. Furthermore, Apple terminated developer accounts associated with this deceptive activity as part of its security protocols.
The apps in question required user consent to access the Photo Library. Once users granted permission, the malware could scrutinize images for keywords specified by the attackers, and then upload any pertinent information to a remote server. Kaspersky noted that the campaign appeared to target users primarily in Europe and Asia.
Apple has emphasized the advanced security features introduced in iOS 14, which allow users to grant access to only selected photos rather than their complete library. Additionally, the App Privacy Report, accessible in the Settings app, provides users with insights into how frequently apps access sensitive information, including photos, location data, microphone, and camera.
To mitigate such risks, users are advised to avoid granting excessive permissions to applications and to regularly review their device’s privacy settings.
Image Source: oasisamuel / Shutterstock
