Researchers Just Found Photo-Scanning Malware on Apple's App Store for the First Time
lifehacker.com
Not all apps are safe. It's why I always recommend downloading apps from official app stores, like the iOS App Store and Google Play Store, rather than a random website: Apple and Google both have policies to scan for malware and stop it before it reaches app stores. But neither company is perfect, and apps infected with malware end up on official app marketplaces more often than we'd like to think. These apps usually pop up on the Play Store more than the App Store given that Apple is extremely strict, but that doesn't mean the App Store is impervious to malware: it definitely happens, and we've covered it before. In fact, researchers just found a batch of apps containing malicious programs on both Apple's and Google's platforms. And it's the first time this specific type of malware was found on the iOS App Store.

What is SparkCat?

Researchers at Kaspersky discovered apps on both Google's Play Store and Apple's App Store that contained malicious frameworks, specifically designed to steal crypto wallet recovery phrases, a series of words used to access cryptocurrency in digital wallets. Researchers call this malware "SparkCat," and they believe it has been circulating since March 2024.

If you downloaded one of these apps on either iOS or Android, the app would likely ask permission to access your photo library, then the malicious framework would launch an optical character recognition (OCR) plug-in to scan and identify text in your images. If the program found text that matched certain keywords, it would then send those images to a remote server. The idea here is to scan your library looking for screenshots that reveal the recovery phrases in your crypto wallet and send them back to the thieves, who could then use those phrases to break in and steal from accounts.

One of the first apps to arouse the suspicion of Kaspersky researchers was a Chinese food delivery app called ComeCome. It's still available on both iOS and Android, and is the first known app infected with OCR malware to appear on Apple's App Store, according to Kaspersky. A negative review all the way from 2023 suggests the app has been using malware to steal information, but it's not clear the app has been using this specific OCR tactic the whole time.

Kaspersky discovered other apps with a similar malicious framework as well. It's important to note researchers can't say whether the malware was placed in these apps by a malicious actor or the app developers embedded it themselves. That said, it appears some apps were designed to attract users without offering legitimate services in return, such as multiple AI messaging services from the same developer. Specifically, that's WeTink and AnyGPT, which are both still live at the time of writing.

Where to go from here

First of all, if you have any of these affected apps installed on your iPhone or Android, delete them now. Even if the developers didn't add the malicious framework intentionally (which can happen if a third party hijacks the app), they aren't safe to keep on your device.

After that, take a moment to clean out your iPhone or Android's images folder. If you have images containing recovery phrases for your crypto wallet, be sure to delete those, but also consider deleting images that contain any sensitive information in the first place. Other malware strains may take advantage of this OCR tactic to look for social security numbers or bank account information, for example, so it's best to eliminate that risk altogether.

Finally, exercise caution when downloading new apps, even when doing so through official app stores. Be sure to review all aspects of an app's page before installing it, including the reviews, description, and screenshots. If anything seems off, it's probably best to avoid downloading it. And avoid generic AI apps like the plague. Developers know there's a high demand for AI apps, which means malicious users can slyly add malware to apps in the hope that an AI fan downloads their latest scheme. Don't fall for it.