Apps distributed through both Apple and Googles app stores are hiding malicious screenshot-reading code thats being used to steal cryptocurrency, the cybersecurity software firm Kaspersky reported today. Its the first known case of apps infected with malware that uses OCR tech to extract text from images making it into Apples App Store, according to a blog post detailing the companys findings.Kaspersky says it discovered the code from this particular malware campaign, which it calls SparkCat, in late 2024 and that the frameworks for it appear to have been created in March of the same year. On iOS and in some Android instances, the malware works by triggering a request to access users photo galleries when they attempt to use chat support within the infected app. Once permission is granted, it uses Google OCR tech, which lets it decipher text found in photos, to look for things like screenshots of crypto wallet passwords or recovery phrases. The software then sends any images it finds back to the attackers, who can then use the info to access the wallets and steal crypto.Kaspersky says it cant confirm with certainty the infection was a result of a supply chain attack or deliberate action by the developers. The company names two AI chat apps that seem to have been created for the campaign and appear to still be available on the App Store, called WeTink and AnyGPT. Additionally, Kaspersky found the malicious code in a legitimate-seeming food delivery app called ComeCome, which you can also still download.Neither Apple nor Google immediately responded to The Verges request for comment.