MacRumors

macrumors bot
Original poster


Information on new "SparkCat" malware infesting a small number of iOS apps was shared yesterday by Kaspersky, and shortly after the report came out, Apple said that it pulled the offending apps from its App Stores in various countries.

Some of the apps that had hidden malware included ComeCome, WeTink, and AnyGPT. 11 apps were removed in total, but when removing the apps, Apple says that it found another 89 with the same code that had been previously rejected or removed from the App Store for violating Apple's fraud policies. When an app is removed for fraud, Apple terminates the associated developer account.

As outlined by Kaspersky, the apps used a malicious framework with OCR capabilities designed to suss out sensitive information in images and screenshots stored on iPhones. Recovery phrases for crypto wallets were a specific target, with attackers aiming to steal bitcoin and other cryptocurrency, but the malware could target other phrases like passwords.

By default, Apple blocks access to a user's photos, so the apps would have needed express user consent to operate. If given permission to access a Photo Library, the apps could scan through the images to look for key phrases outlined by the attackers. If an image with a relevant phrase was found, it was uploaded to a remote server. Kaspersky found that the malware was likely targeting iOS users in Europe and Asia.

It is worth noting that Apple added granular control over the images that an app is able to access back in iOS 14, and there is an option to provide access to a limited number of images rather than an entire library. It is a good idea to avoid apps that seem sketchy, and to refrain from giving an app access to all of your images.

Apple also provides an App Privacy Report that outlines all of the instances when an app accesses sensitive data like location, images, camera, and microphone. The App Privacy Report can be found in the Privacy section of the Settings app.

Article Link: Apple Removed Apps Infested With Screen Reading Malware
 
How does Kaspersky find this and not Apple? If the same code was rejected or removed before, how did these apps get approved?
Apple's claim that they carefully review all apps before approving them and that their App Store is 100% safe is an illusion.

No way Apple has enough resources to review all apps. The amount of employees and time needed to do this is ridiculously high.
 
Apple's claim that they carefully review all apps before approving them and that their App Store is 100% safe is an illusion.

No way Apple has enough resources to review all apps. The amount of employees and time needed to do this is ridiculously high.
Yeah for sure it’s a cat and mouse game. The App Store is safe is an illusion the same way flying is safe is an illusion.
 
Apple's claim that they carefully review all apps before approving them and that their App Store is 100% safe is an illusion.

No way Apple has enough resources to review all apps. The amount of employees and time needed to do this is ridiculously high.
Yeah their claim that they are the only steward capable of safeguarding us from malicious apps has been thoroughly debunked many times over.

I don't doubt that much of the initial process is automated with some kind of AI driven analysis of the code. Then if rejected and the dev disputes it then actual people get involved.
 
Makes me wonder if alt marketplaces are more prone to these kinds of threats

I'd assume not since apps still have to be notarized by Apple

Less prone. They benefit from security by obscurity and far less incentive for hacks, even if successful, as the tiny numbers make the juice not worth the squeeze.

The "walled garden" and the outsized trust too many consumers put in it, actually makes it a SUPER high value target.

... once you're in, you've got ripe targets that have their guard down
 
Less prone. They benefit from security by obscurity and far less incentive for hacks, even if successful, as the tiny numbers make the juice not worth the squeeze.

The "walled garden" and the outsized trust too many consumers put in it, actually makes it a SUPER high value target.

... once you're in, you've got ripe targets that have their guard down
More prone. This is a harbinger of what will happen in the EU. The App Store is safe, the same way flying is safe. If Apple can’t be at the front of the cat and mouse games, the alt-stores won’t either. (Unless Sweeney hand checks everything or your favorite EU adult app contains questionable stuff)
 
I didn't even give Instagram or FB access to all my photos for many, many years. But I got tired of manually approving every single photo I wanted to upload, and I figured Facebook is a big enough corporation that if they did anything sus with access to all our photos then someone would have called them out for it by now. I wish Apple would limit access to the app, but allow access for us to choose which photos to upload. Why does Facebook need access to all photos just for us to browse our own photos to attach a single one to a post?
 
“… when removing the apps, Apple found another 89 with the same code that had been previously rejected or removed from the ‌App Store‌ for violating Apple's fraud policies“
I am taking that to mean that the other 89 apps were removed for fraud reasons unrelated to this code and now that Apple knows that this code exists they can actively scan for it and remove it. Not that Apple was previously aware of the code and missed these 11 apps. Though the number of “FakeGPT” and other low quality trash apps is really getting concerning. Apple needs to clean house. We’re way past anyone caring how many Apps are in your AppStore. If a couple million vanished, not a single person would notice. And if they started holding apps to the same standards that they used to, these scammers wouldn’t try as frequently.
 
More prone. This is a harbinger of what will happen in the EU. The App Store is safe, the same way flying is safe. If Apple can’t be at the front of the cat and mouse games, the alt-stores won’t either
Less prone. Cause there would be two entities that can review the code rather than just one.
Also, a third-party store has a reputation to lose - whereas Apple has a de facto monopoly.

And someone can create a store that has a carefully curated selection of apps by trustworthy developers. With whom they’ve built long-lasting business relationships (SetApp is, I believe, an example of that).

Apple, on the other hand, apply similar judgment and discernment to customer selection as a cheap prostitute:
They’ll let everyone in to and “do it” with them - especially as long as it makes them money.
(and at $99 dollars for the developer subscription, Apple is in fact cheaper)
 
Apple's claim that they carefully review all apps before approving them and that their App Store is 100% safe is an illusion.
Apple claimed the App Store is 100% safe? Are you sure you’re not putting words in their mouth? If you provide a real reference for this, I’ll be humbled and also very surprised at Apple for making an impossible claim.
 
Less prone. They benefit from security by obscurity and far less incentive for hacks, even if successful, as the tiny numbers make the juice not worth the squeeze.

The "walled garden" and the outsized trust too many consumers put in it, actually makes it a SUPER high value target.

... once you're in, you've got ripe targets that have their guard down
Having nothing of value is a great theft deterrent, but then you also have nothing of value. I’m pretty sure alt app stores don’t want to be obscure forever. So the real question is if/when they ever get big, will they be able to compete with Apple’s security?
 