iPhone Apps Found with Malware That Reads Screenshots for Sensitive Data

Highlights

• Security researchers found malware in iPhone apps that can scan users’ screenshots using Optical Character Recognition (OCR).
• Several affected apps targeting users in Asia and Europe were found in Apple’s App Store.
• Some of these apps are reportedly still available for download raising concerns about Apple’s app review process.
• The malware uses Google’s ML Kit library for OCR to recognise text in images.

Apple App Store is supposed to be a safe space with every app going through a strict review process. However, it is often reported that malicious apps still somehow manage to slip through. Security researchers at Kaspersky have now found malware inside iPhone apps that can scan users’ screenshots for sensitive information, marking what they call “the first known case” of its kind.

Researchers Dmitry Kalinin and Sergey Puzan discovered screenshot-reading malware hidden in both iOS and Android apps. On iPhones, these apps use Optical Character Recognition (OCR) to scan images in a user’s photo library, specifically looking for crypto wallet recovery phrases.

According to Kaspersky, this is the first known instance of OCR spyware making its way into Apple’s App Store. It reads, “This is the first known case of an app infected with OCR spyware being found in Apple’s official app marketplace.”

The report explains, “The Android malware module would decrypt and launch an OCR plug-in built with Google’s ML Kit library, and use that to recognise text it found in images inside the gallery. Images that matched keywords received from the C2 were sent to the server. The iOS-specific malicious module had a similar design and also relied on Google’s ML Kit library for OCR.”

The report lists several affected apps mainly targeting users in Asia and Europe. Some of these apps may have been compromised without their developers knowing, while others could be intentionally malicious.

“We detected a series of apps embedded with a malicious framework in the App Store. We cannot confirm with certainty whether the infection was a result of a supply chain attack or deliberate action by the developers. Some of the apps, such as food delivery services, appeared to be legitimate, whereas others apparently had been built to lure victims. For example, we saw several similar AI-featured “messaging apps” by the same developer,” the report highlights.

Surprisingly, some of these apps are still available for download on the App Store. As The Verge points out, these include:

• ComeCome (a food delivery app)
• AnyGPT (an AI chat app)
• WeTink (another AI chat app)

This discovery raises concerns about Apple’s app review process and how well it can catch advanced malware techniques.

FAQs

Q1. What type of malware was found in iPhone apps?

Answer. Security researchers found malware inside iPhone apps that can scan users’ screenshots for sensitive information using Optical Character Recognition (OCR).

Q2. Which specific apps with malware were still available for download on the App Store?

Answer. The affected apps still available for download on the App Store include ComeCome (a food delivery app), AnyGPT (an AI chat app) and WeTink (another AI chat app).

Q3. What does the malware specifically look for in users’ screenshots?

Answer. The malware scans images in a user’s photo library, specifically looking for crypto wallet recovery phrases.

Also Read: Report Highlights Inappropriate Apps Rated Safe for Young Kids on Apple’s App Store

Also Read: Apple iOS 18 Update Features