Researchers Discover Apps on the App Store Infected with Advanced Malware

Apple’s App Store is renowned for its strict policies on user privacy and security, yet new research from Kaspersky indicates that a group of malicious apps has managed to circumvent these safeguards. According to security researchers Dmitry Kalinin and Sergey Puzan at Kaspersky, several applications—available on both iOS and Android—contain hidden OCR (Optical Character Recognition) malware capable of scanning user screenshots and potentially extracting data such as cryptocurrency wallet recovery phrases. The team described this as “the first known case of an app infected with OCR spyware being found in Apple’s official app marketplace.”

How the Malware Operates

According to Kaspersky’s detailed analysis, the malware uses Google’s ML Kit library to recognize text in screenshots stored within the device’s gallery or photo library. Upon detecting specific keywords (such as those related to crypto wallet recovery seeds), it sends the relevant images to a remote command-and-control (C2) server for further exploitation.

“The Android malware module would decrypt and launch an OCR plug-in built with Google’s ML Kit library, and use that to recognize text it found in images inside the gallery,” the researchers wrote. “Images that matched keywords received from the C2 were sent to the server. The iOS-specific malicious module had a similar design and also relied on Google’s ML Kit library for OCR.”
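The behaviour described above (read the gallery, run ML Kit text recognition, send matches to a server) is also what an app vetter can look for. The following added Python example, which is not part of Kaspersky's report or of any of the apps named here, performs that static triage on an Android package: it parses a constructed AndroidManifest.xml for gallery and network permissions and checks a constructed class listing for ML Kit text-recognition classes (assumed to live under the public `com.google.mlkit.vision.text` package). It flags an app only when all three capabilities coincide and OCR is not part of the app's stated purpose, since a document scanner legitimately has all three.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities an app needs to behave like the OCR stealer described above:
# read images from the gallery, run on-device text recognition, reach the network.
GALLERY_PERMISSIONS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_IMAGES",
}
NETWORK_PERMISSIONS = {"android.permission.INTERNET"}
# Assumed package prefix of ML Kit's Android text-recognition classes.
OCR_CLASS_PREFIXES = ("com.google.mlkit.vision.text.",)


def android_permissions(manifest_xml: str) -> set:
    """Return the permission names declared in an AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }


def ocr_stealer_indicators(permissions, class_names) -> dict:
    """Evaluate each capability separately so the analyst sees which are present."""
    perms = set(permissions)
    return {
        "gallery_access": bool(perms & GALLERY_PERMISSIONS),
        "network": bool(perms & NETWORK_PERMISSIONS),
        "ocr_library": any(c.startswith(OCR_CLASS_PREFIXES) for c in class_names),
    }


def triage(permissions, class_names, ocr_expected_for_app: bool = False) -> tuple:
    """Flag only when all three capabilities coincide and OCR is not expected
    from the app's declared purpose (e.g. a scanner app)."""
    hits = ocr_stealer_indicators(permissions, class_names)
    flagged = all(hits.values()) and not ocr_expected_for_app
    return flagged, hits


# Constructed sample manifest: a delivery-style app that declares gallery and
# network access. Not taken from any real application.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.delivery">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
  <application android:label="Delivery"/>
</manifest>
"""

# Constructed class listing, standing in for the output of a dex class dump.
SAMPLE_CLASSES = [
    "com.example.delivery.MainActivity",
    "com.google.mlkit.vision.text.TextRecognition",
    "com.google.mlkit.vision.text.TextRecognizer",
]


def triage_sample() -> tuple:
    """Run the triage over the constructed sample package."""
    return triage(android_permissions(SAMPLE_MANIFEST), SAMPLE_CLASSES)


if __name__ == "__main__":
    flagged, hits = triage_sample()
    print("flagged:", flagged)
    for name, present in hits.items():
        print(f"  {name}: {'present' if present else 'absent'}")
```

Two caveats follow directly from the report. The Android module decrypted and launched its OCR plug-in at runtime, so a class listing taken from the shipped APK may not contain the ML Kit classes at all; this check is a first-pass triage aid, and a runtime or network-level review (which images leave the device, and to where) is needed to confirm. On iOS the same three-way check maps to the photo-library usage entry in Info.plist, a bundled ML Kit text-recognition framework, and outbound network activity.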

Apps Found with Malware

The Kaspersky report notes that some apps may have been compromised through supply chain attacks, while others deliberately incorporate the malicious framework. Either way, several iOS apps remained available on the App Store at the time of the report despite their malicious behavior. Identified examples include:

  • ComeCome, a food delivery application

  • AnyGPT and WeTink, AI chatbots

Although some of these apps appear legitimate at face value, others seem specifically crafted to lure unsuspecting users into downloading them.

Potential Impact and Response

This incident marks a significant breach in Apple’s otherwise robust security protocols and calls into question how effectively the App Store guidelines detect sophisticated malicious frameworks. The ability of these apps to read user screenshots—a core OS function typically trusted by users—adds to the severity of the threat. While it remains unclear whether the developers themselves introduced the malware or if they were unknowingly compromised, Kaspersky’s findings highlight the urgent need for Apple to review or strengthen its guidelines.


Have you ever worried about hidden functions in apps that access your screenshots or photos? Let us know what steps you think Apple should take next to prevent future infiltrations like these.

Angel Morales

Founder and lead writer at Duck-IT Tech News, dedicated to delivering the latest news, reviews, and insights in the world of technology, gaming, and AI. With experience in the tech and business sectors, Angel combines a deep passion for technology with a talent for clear and engaging writing.
