the identification of the first iOS malware that can steal your phone's stored photos. Remove these applications
Security in iOS has always been one of its strengths, but a new piece of malware called SparkCat has managed to sneak into the App Store through seemingly harmless apps. Kaspersky discovered the malware in late 2024, although the first signs of its existence date back to March of the same year.
The way this malware works seems particularly worrying, The Verge reports. It all starts when you try to use the support chat in an infected app: By granting permission to access your photos, the malware silently starts working.
The malware uses Google technology that can read the text in your screenshots, as if they were a scanned document. Its main goal is to find the cryptocurrency wallet passwords or recovery phrases you saved in the images and then send them directly to the attackers.
The malicious apps identified so far are WeTink and AnyGPT, two AI-powered chat apps created specifically for this attack campaign. The malware has also made its way to ComeCome, a food delivery app that looks normal but hides this malicious code.
All of this makes us wonder how these apps managed to bypass Apple’s security controls, which are supposedly stricter and less lenient than Google’s on Android. Kaspersky researchers don’t yet know whether the developers intentionally introduced the malicious code or whether someone modified their apps without their knowledge. In the meantime, we’d better think twice before giving others access to our photos.