A newly discovered strain of malware capable of secretly capturing screenshots from smartphones has made its way into Apple’s App Store—a potential first of its kind.
Dubbed “SparkCat,” the malware was identified late last year, hidden within an iOS app called “ComeCome-Chinese Food Delivery,” according to cybersecurity firm Kaspersky.
SparkCat operates by deploying an optical character recognition (OCR) tool that scans stored images for specific keywords. If the malware detects relevant terms, it transmits the image to a hacker-controlled server.
“The search terms indicated that the attackers were financially motivated, particularly targeting recovery phrases—also known as mnemonics—used to regain access to cryptocurrency wallets,” Kaspersky reported.
The investigation revealed that SparkCat searches for keywords in multiple languages, including Chinese, Japanese, Korean, English, Czech, French, Italian, Polish, and Portuguese—suggesting a focus on victims in Europe and Asia. Additionally, the malware is designed to steal other sensitive data from screenshots, such as passwords or private messages.
Other compromised iOS apps include “AnyGPT” and “WeTink.” Following Kaspersky’s findings, Apple removed 11 infected apps from the App Store. The company also confirmed that these apps shared code with 89 others, which have now been removed or rejected. The developer accounts behind them have been terminated.
Apple emphasized that since iOS 14, its PhotoKit API allows users to grant apps access to specific photos and videos rather than their entire library. The company reaffirmed its zero-tolerance policy for malicious activity and its commitment to user privacy and security.
Kaspersky initially uncovered the malware after detecting similar threats in infected apps on the Google Play Store. Those apps were downloaded over 242,000 times and were also distributed through third-party app stores.