In the realm of smartphones, Apples ecosystem is deemed to be the safer one. Independent analysis by security experts has also proved that point repeatedly over the years. But Apples guardrails are not impenetrable. On the contrary, it seems bad actors have managed yet another worrying breakthrough.As per an analysis by Kaspersky, malware with Optical Character Recognition (OCR) capabilities has been spotted on the App Store for the first time. Instead of stealing files stored on a phone, the malware scanned screenshots stored locally, analyzed the text content, and relayed the necessary information to servers.Recommended VideosThe malware-seeding operation, codenamed SparkCat, targeted apps seeded from official repositories Googles Play Store and Apples App Store and third-party sources. The infected apps amassed roughly a quarter million downloads across both platforms.Interestingly, the malware piggybacked atop Googles ML Kit library, a toolkit that lets developers deploy machine learning capabilities for quick and offline data processing in apps. This ML Kit system is what ultimately allowed the Google OCR model to scan photos stored on an iPhone and recognize the text containing sensitive information.Please enable Javascript to view this contentBut it seems the malware was not just capable of stealing crypto-related recovery codes. It must be noted that the malware is flexible enough to steal not just these phrases but also other sensitive data from the gallery, such as messages or passwords that might have been captured in screenshots, says Kasperskys report.Among the targeted iPhone apps was ComeCome, which appears to be a Chinese food delivery app on the surface, but came loaded with a screenshot-reading malware. This is the first known case of an app infected with OCR spyware being found in Apples official app marketplace, notes Kasperskys analysis.It is, however, unclear whether the developers of these problematic apps were engaged in embedding the malware, or if it was a supply chain attack. Irrespective of the origin, the whole pipeline was quite inconspicuous as the apps seemed legitimate and catered to tasks such as messaging, AI learning, or food delivery. Notably, the cross-platform malware was also capable of obfuscating its presence, which made it harder to detect.The primary objective of this campaign was extracting crypto wallet recovery phrases, which can allow a bad actor to take over a persons crypto wallet and get away with their assets. The target zones appear to be Europe and Asia, but some of the hotlisted apps appear to be operating in Africa and other regions, as well.Editors Recommendations