Kaspersky researchers have detected malicious software in some applications in both Android and iOS mobile stores. Dmitry Kalinin and Sergey Puzan play his research on a malware, which they call Sparkcat and probably active since March 2024.

Researchers could not confirm whether malware infected with a supply chain attack or the deliberate action of developers. The duo said that some food distribution applications infected by Malware seem to be legitimate applications, while others are applications to attract victims.

Detected in food and artificial intelligence applications

Kaspersky team said that Sparkcat carried out a secret operation and at first glance seems to be demanding normal or harmless permissions. Some applications that the duo reveal the malicious software are still downloaded. These include the food order app and artificial intelligence applications AnyGPT and Wethink.

Access to crypto currency wallets with OCR method

The malicious software mentioned is looking for screenshots of recovery statements of crypto currency wallets using the optical character recognition (OCR) technology to examine the photo gallery of a device. According to their assessments, infected Google Play applications have been downloaded more than 242,000 times. Kaspersky, “This, Apple’s official application market OCR spy software infected with an infected application is known to be known.” says.

Apple often emphasizes that the App Store has strict security measures. However, although this attack is rarely, the Apple ecosystem shows us that it is not completely resistant to attacks.