Researchers Discover Apps On The App Store Infected With Advanced Malware That Reads Screenshots And Steals Sensitive Data, Calling It “The First Known Case”

Ali Salman
App Store has apps with malware that can read screenshots and steal user data

Apple is very strict when it comes to the privacy and security of its users and their data. However, every now and then, an app built with malicious intent to steal user data slips through. Today, researchers at Kaspersky have reported that they found new malware in apps downloaded through the App Store, which, according to them, is "the first known case." The malware in these apps reads your screenshots looking for key data, which breaches user privacy.

There are apps on the App Store that steal specific data from screenshots

The newly discovered malware is not limited to apps downloaded through the App Store; it has also been found on Android. Dmitry Kalinin and Sergey Puzan posted their work for Kaspersky, detailing screen-reading OCR malware in apps downloaded from the App Store and the Play Store. On the iPhone, the malware scans the Photo Library for images containing crypto wallet recovery phrases. “This is the first known case of an app infected with OCR spyware being found in Apple’s official app marketplace.” The duo explains how the malware works:


The Android malware module would decrypt and launch an OCR plug-in built with Google’s ML Kit library, and use that to recognize text it found in images inside the gallery. Images that matched keywords received from the C2 were sent to the server. The iOS-specific malicious module had a similar design and also relied on Google’s ML Kit library for OCR.

The report mentions several apps targeting users across various regions in Europe and Asia. A few of these apps are running the malicious code without their developers' knowledge, which could explain why Apple's strict App Store review did not catch it.

We detected a series of apps embedded with a malicious framework in the App Store. We cannot confirm with certainty whether the infection was a result of a supply chain attack or deliberate action by the developers. Some of the apps, such as food delivery services, appeared to be legitimate, whereas others apparently had been built to lure victims. For example, we saw several similar AI-featured “messaging apps” by the same developer.

The eerie bit about this situation is that a handful of these malware-struck apps are still available on the App Store and can be downloaded right now. These include ComeCome, a food delivery app, along with AnyGPT and WeTink, both AI chatbots. It remains to be seen how Apple will tackle the situation and whether it will see fit to amend its App Store guidelines. We will keep you posted with more details, so do stick around.