Advanced Malware Found in App Store Apps: First Case of Screenshot Theft and Sensitive Data Breach

When it comes to safeguarding user privacy and data, Apple is known for its rigorous standards. However, the tech giant faces ongoing challenges with malicious applications that compromise user information. Recently, researchers from Kaspersky disclosed the discovery of new malware residing within apps available on the App Store, which they claim is “the first known case” of such an incident. This malware has the capability of reading users’ screenshots, effectively infringing upon individual privacy.

Malicious Apps on App Store Can Extract Sensitive Data from Screenshots

This newly identified malware affects not only iOS devices but is also present on Android platforms. Kaspersky researchers Dmitry Kalinin and Sergey Puzan published their findings concerning this OCR (Optical Character Recognition) malware in a detailed report. The malware can infiltrate apps downloaded from both the App Store and Google Play Store. Specifically, on iPhones, it is designed to search through the Photo Library for sensitive recovery phrases linked to cryptocurrency wallets. The researchers describe this instance as “the first known case of an app infected with OCR spyware being found in Apple’s official app marketplace.” Here’s a brief overview of how the malware operates:

The Android malware module would decrypt and launch an OCR plug-in built with Google’s ML Kit library, and use that to recognize text it found in images inside the gallery. Images that matched keywords received from the C2 were sent to the server. The iOS-specific malicious module had a similar design and also relied on Google’s ML Kit library for OCR.

The report highlights that multiple apps are targeting users across various regions in Europe and Asia. Interestingly, some of these applications are executing malware code without the developers’ awareness, potentially explaining why Apple’s stringent App Store policies failed to detect them.
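Because the infected apps may have picked up the OCR module through their supply chain, a reviewer vetting an app bundle wants a quick way to spot the combination the report describes: photo-library access plus an on-device text-recognition framework. The following script is an added triage example, not code from the article or from Kaspersky; it assumes ML Kit's iOS text-recognition framework is bundled as MLKitTextRecognition.framework, and it builds a constructed IPA in memory rather than inspecting any real app.

```python
"""Triage heuristic for an iOS app bundle (IPA): flag bundles that pair
photo-library access with a bundled OCR framework so a reviewer can look
closer. The sample IPA is constructed in memory; no real app is inspected."""
import io
import plistlib
import zipfile

# Assumption: ML Kit text recognition ships as MLKitTextRecognition.framework
# (plus a *Common* companion). Treat either as OCR capability.
OCR_FRAMEWORKS = {"MLKitTextRecognition", "MLKitTextRecognitionCommon"}
PHOTO_KEYS = {"NSPhotoLibraryUsageDescription",
              "NSPhotoLibraryAddUsageDescription"}


def triage_ipa(ipa_bytes: bytes) -> dict:
    """Return which indicators are present; 'review' is True when both are."""
    found_frameworks, photo_access = set(), False
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as z:
        for name in z.namelist():
            parts = name.split("/")
            # Layout: Payload/<App>.app/Frameworks/<Name>.framework/...
            if "Frameworks" in parts:
                idx = parts.index("Frameworks")
                if idx + 1 < len(parts) and parts[idx + 1].endswith(".framework"):
                    found_frameworks.add(parts[idx + 1][: -len(".framework")])
            # The app's own Info.plist declares the privacy usage strings.
            if len(parts) == 3 and parts[1].endswith(".app") and parts[2] == "Info.plist":
                info = plistlib.loads(z.read(name))
                photo_access = any(k in info for k in PHOTO_KEYS)
    ocr = found_frameworks & OCR_FRAMEWORKS
    return {"photo_access": photo_access,
            "ocr_frameworks": sorted(ocr),
            "review": photo_access and bool(ocr)}


def build_sample_ipa(with_ocr: bool) -> bytes:
    """Constructed minimal IPA used only to exercise triage_ipa()."""
    info = {"CFBundleIdentifier": "com.example.sample",
            "NSPhotoLibraryUsageDescription": "Pick a profile picture"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Sample.app/Info.plist", plistlib.dumps(info))
        z.writestr("Payload/Sample.app/Sample", b"\x00")
        if with_ocr:
            z.writestr("Payload/Sample.app/Frameworks/MLKitTextRecognition.framework/"
                       "MLKitTextRecognition", b"\x00")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_ipa(build_sample_ipa(with_ocr=True)))
```

A hit only means the app can read photos and run OCR on-device, which many legitimate apps do; the point is to route such bundles to manual review rather than to call them malicious.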

We detected a series of apps embedded with a malicious framework in the App Store. We cannot confirm with certainty whether the infection was a result of a supply chain attack or deliberate action by the developers. Some of the apps, such as food delivery services, appeared to be legitimate, whereas others apparently had been built to lure victims. For example, we saw several similar AI-featured “messaging apps” by the same developer.

Alarmingly, several of these compromised applications remain accessible on the App Store as of now. Among those identified are ComeCome, a food delivery service, along with AI chatbot apps like AnyGPT and WeTink. The approach Apple will take to address this alarming situation, including potential updates to its App Store policies, remains uncertain. We will continue to monitor developments and provide updates, so stay tuned for more information.
