Researchers from Kaspersky have recognized malware being distributed inside apps on each Android and iOS cell storefronts. Dmitry Kalinin and Sergey Puzan shared their investigation right into a malware marketing campaign, which they’ve dubbed SparkCat, that has probably been energetic since March 2024.
"We can’t affirm with certainty whether or not the an infection was a results of a provide chain assault or deliberate motion by the builders," the pair wrote. "Among the apps, equivalent to meals supply companies, seemed to be reputable, whereas others apparently had been constructed to lure victims."
The Kaspersky duo stated SparkCat is a stealthy operation that at a look seems to be requesting regular or innocent permissions. Among the apps the place the pair uncovered malware are nonetheless accessible to obtain, together with meals supply app ComeCome and AI chat apps AnyGPT and WeTink.
The malware in query makes use of optical character recognition (OCR) to evaluation a tool's picture library, in search of screenshots of restoration phrases for crypto wallets. Primarily based on their evaluation, contaminated Google Play apps have been downloaded greater than 242,000 occasions. Kaspersky says "That is the primary recognized case of an app contaminated with OCR adware being present in Apple’s official app market."
Apple usually promotes the rigorous safety of the App Retailer, and whereas cases of malware showing have been uncommon, this discovery is a reminder that the walled backyard just isn’t impervious to assaults.
This text initially appeared on Engadget at https://www.engadget.com/cybersecurity/kaspersky-researchers-find-screenshot-reading-malware-on-the-app-store-and-google-play-211011103.html?src=rss
