Kaspersky researchers find screenshot-reading malware on the App Store and Google Play

Researchers from Kaspersky have identified malware being distributed within apps on both Android and iOS mobile storefronts. Dmitry Kalinin and Sergey Puzan shared their investigation into a malware campaign, which they have dubbed SparkCat, that has likely been active since March 2024.

"We cannot confirm with certainty whether the infection was a result of a supply chain attack or deliberate action by the developers," the pair wrote. "Some of the apps, such as food delivery services, appeared to be legitimate, whereas others apparently had been built to lure victims."

The Kaspersky duo said SparkCat is a stealthy operation that at a glance appears to be requesting normal or harmless permissions. Some of the apps where the pair uncovered malware are still available to download, including food delivery app ComeCome and AI chat apps AnyGPT and WeTink.

The malware in question uses optical character recognition (OCR) to ...