According to Kaspersky Lab experts, the Apple App Store has hosted its first spyware app containing optical character recognition (OCR) technology, and the app stealthily steals cryptocurrency, The Register reports.
First of Its Kind: Kaspersky Discovers Malicious App on Apple App Store Using OCR for Cryptocurrency Theft
Hundreds of apps in the Apple App Store and Google Play Store contain malware affecting the delivery service ComeCome. The ComeCome app exposes users' cryptocurrency wallet passwords to theft by criminals, as reported by Kaspersky experts Dmitry Kalinin and Sergey Buzan.
The researchers discovered that the ComeCome application included a set of malware tools with hidden OCR functionality. The malware relies on this technology to read the contents of images. It searches the images stored on the user's phone, with particular emphasis on screenshots, for pictures that contain cryptocurrency wallet login credentials. Access to these wallets requires only a password as the authentication method, rather than an email address or phone number. These passwords are sequences of 12 randomly selected words, which users must enter precisely to gain access.
SparkCat Malware Targets Cryptocurrency Wallets Using OCR in Apple App Store, Reveals Kaspersky
When a password appears in one of the images the OCR targets, the malware extracts the text from that image. The spyware then transmits the stolen passwords to the fraudsters who operate it. Attackers holding the stolen passwords can unlock the cryptocurrency wallets, while the victim cannot tell who is responsible for the theft.
According to the Kaspersky team members, “the attackers targeted cryptocurrency wallet login credentials that enabled attackers to access wallets fully and extract funds from them.”
The team pointed out that malicious apps that steal cryptocurrency through OCR manage to get into both the Apple App Store and the Google Play Store because the stores' checks find no signs of malware and only a seemingly non-threatening interface.
The research team used this case to show why iOS is not immune to harmful applications.
The researchers Kalinin and Buzan named this malicious software SparkCat and noted that it can be adapted to perform more extensive theft. The malware goes beyond wallet password theft, stealing all sensitive information in the photo gallery, including messages and login credentials.
According to The Register, Kaspersky revealed that “The cryptojacking attempt focuses mainly on Android and iPhone users based in Europe and Asia” while concluding “We've discovered that more than one application from the Google Play Store includes cybercats and their total user downloads exceed 242,000.”
The analysts could not establish whether the SparkCat malware entered the app through a supply chain infiltration or was inserted by the developer. Apple has removed ComeCome from its store along with other similar apps, which have also disappeared from the Google Play platform.