Screenshot-reading malware appears on iPhone for the first time

The SparkCat malware has been discovered inside a number of apps on the App Store and is able to collect content from iPhone users' screenshots.

According to security researchers at Kaspersky, the SparkCat malware exists in applications that passed Apple's security checks to appear on the App Store. The applications found to be infected with SparkCat are ComeCome, WeTink and AnyGPT. This is also the first time such a threat has been found in the App Store.

Illustration of malware stealing digital wallets on the Apple App Store. Photo: ReadWrite

Kaspersky's analysis shows that the apps infected with SparkCat use optical character recognition (OCR) to scan screenshots in order to find sensitive information. They contain a malicious module that uses Google's ML Kit OCR plug-in to analyse images and extract the content in them.

SparkCat focuses in particular on the "seed" phrases used to restore digital wallets, thereby allowing the attacker to steal Bitcoin and other digital assets. Experts said that if it detects screenshots related to a digital wallet, the malware immediately transmits the collected data to the attacker's server.

SparkCat is said to have been active since January 3/2024, but mainly on Android devices, before recently appearing on devices running iOS. Besides collecting content from screenshots, once installed, an application infected with SparkCat requests access to photos and scans them for other important content.

Kaspersky said a number of apps infected with SparkCat still exist on the App Store. It has not yet been able to determine whether this is intentional on the part of the developers or the result of them being attacked.

Apple has not commented.

Kaspersky recommends that users not save screenshots containing important content, such as wallet recovery phrases or electronic banking passwords, in the photo gallery. Instead, they should use a password manager or store the information in a safer place.

According to GizChina, iOS has historically been one of the secure operating systems on mobile devices, and hackers tend to attack devices running Android more. Recently, however, things are slowly changing as attackers use more advanced methods to penetrate the Apple platform.

Source: vnexpress.net