Apple missed screenshot-snooping malware in code that made it into the App Store, Kaspersky claims www.theregister.com/2025/02/0…

Kaspersky eggheads say they’ve spotted the first app containing hidden optical character recognition spyware in Apple’s App Store. Cunningly, the software nasty is designed to steal cryptocurrency.

The researchers found the malware in an iOS app called ComeCome, which is also available from Google’s Play store, and claims to offer food delivery services. According to Kaspersky’s Dmitry Kalinin and Sergey Puzan, the application also delivers the keys to victims’ crypto holdings to crooks.

The cryptocurrency-stealing effort targets “at a minimum” Android and iOS users in Europe and Asia, says Team Kaspersky. More than one app in the Google Play store contains the malware, dubbed SparkCat, we’re told, and these were downloaded more than 242,000 times. Neither Google nor Apple responded to The Register’s requests for comment.

The analysts cannot confirm whether SparkCat was slipped into these applications in a supply-chain attack or as a deliberate act by the apps' developers. Apple has removed the malicious ComeCome application from the iOS store, says Kaspersky. We note it’s also disappeared from Google Play along with others named by the Russian lab.
