Malware in Disguise: How Infected iPhone Apps Are Stealing Your Crypto Secrets

Malware Found in iOS and Android Apps on Official Marketplaces

Researchers at Kaspersky have discovered a new form of malware that uses Optical Character Recognition (OCR) to scan users' photo libraries for sensitive information, such as recovery phrases for cryptocurrency wallets. This is the first known instance of such malware being found in apps available on Apple's App Store and Google Play.

How It Works:

• Android Malware: The malicious module decrypts and launches an OCR plugin using Google’s ML Kit library to recognize text in images from the gallery. Images with specific keywords are sent to a command-and-control (C2) server.
• iOS Malware: Similarly, the iOS version of the malware uses Google’s ML Kit for OCR, scanning the photo library for sensitive data and sending it to the C2 server.

Target Demographics:

• The affected apps primarily target users in Asia and Europe.

Affected Apps:

• Some of the apps appeared to be legitimate services, such as food delivery apps like ComeCome, while others were designed to lure victims. Examples include AI chat apps AnyGPT and WeTink.

Source of Infection:

• Kaspersky could not confirm whether the infection was due to a supply chain attack or deliberate action by developers. Some apps, like food delivery services, seemed legitimate, while others were suspiciously designed to deceive users.

Current Status:

• Several of these affected apps are still available for download on the App Store as of this report.

For more details, you can refer to Kaspersky's full report.