
Experts have discovered the first virus that can infiltrate the gallery on iPhones and steal data from photos. The program was spotted in 20 fake applications downloaded from the official App Store and Google Play, so owners of Android phones are also under threat. Izvestia found out what makes the new Trojan dangerous and how to protect yourself from it.

New Trojan

Kaspersky Lab specialists have discovered the first virus that steals data from photos on the iPhone. The virus, named SparkCat, was spotted in fake applications downloaded from the official App Store and Google Play, the company told Izvestia.

The previously unknown Trojan was present in 20 different programs: messengers, AI assistants, food delivery applications and applications for access to crypto exchanges (in these, the virus can steal cryptocurrency wallet data). Cybersecurity expert Sergey Puzan called this the first case of malware that steals user data being integrated into apps in the official App Store.


- "This campaign shatters stereotypes that malicious iOS apps don't exist and Android threats are not relevant for Apple device owners," added Kaspersky Lab cybersecurity expert Dmitry Kalinin.

The company has notified Google and Apple about the presence of malicious apps. At the same time, SparkCat continues to spread on unofficial sites.

How the virus works

According to experts, so far the attacks of the new virus are aimed mainly at Android and iOS smartphone users in the UAE, Europe and Asia. But experts do not rule out that people in other regions, including Russia, may face a similar cyber threat. The programs in which the malicious module was embedded were downloaded more than 242 thousand times from Google Play alone.

As Kaspersky Lab explained, once on the phone, SparkCat requests access to view photos. Next, the virus analyzes the text on the images in the gallery using an optical character recognition (OCR) model.

- "If the stealer detects keywords, it sends the picture to the attackers. The attackers' goal is to find phrases to regain access to crypto wallets in order to get their hands on victims' digital assets. In addition, the malware can steal other data, such as the content of messages or passwords if they are in screenshots," Kaspersky Lab told Izvestia.


So far, experts have no information about how the programs got into official stores - whether they were infected as a result of a supply chain attack or whether the developers intentionally embedded the Trojan. According to Sergey Puzan, some services, such as food delivery, "looked legitimate, while others were obviously bait."

- "The danger of the Trojan is precisely that it was able to penetrate official marketplaces. That said, the permission to read the gallery that the malware is trying to obtain is necessary for the app to work properly and is requested in the appropriate places, such as when contacting support. This can lull the vigilance of both moderators on official sites and users," concluded Sergey Kalinin.

Danger of the scheme

Schemes using malicious code masquerading as real applications are not new - such cases have been seen before. In this case, two specific features stand out, said Alexander Samsonov, a leading expert of the development and testing department of the Security Code company, in a conversation with Izvestia.

- "First, this is the first recorded case of a malicious application penetrating and spreading through the App Store. And this is nonsense, as all programs entering the official app stores are thoroughly checked, so this incident may have a strong impact on the reputation of the App Store and Google Play," the expert said. - "Secondly, the very approach to choosing the attack vector is interesting. The target was images saved on the device."

After gaining access to the gallery, the malware analyzes the images to see if they contain text with relevant information regarding access to users' online services (crypto wallets). In other words, the Trojan is configured to search screenshots for information that will give access to the victim's financial assets, which is not very typical for malware.

As the expert explains, downloading a virus onto a phone is dangerous for a person in any case - regardless of whether they have cryptocurrency wallets or not. Gadgets store almost all information about the owner: documents, bank account data, personal photos and videos - all of which can be compromised.

- "The most obvious threats: the possibility of blackmail, if attackers get intimate photos, as well as theft of financial data, because many people take pictures of passwords and passport screens," Samsonov explained.


According to him, the scheme itself with the analysis of applications is also new. Before that, the only recorded cases of malware penetrating the stores involved programs that tracked geolocation, recorded sound from the microphone, and transmitted users' photo and video information to servers. That, too, carried many threats.

Ways to protect yourself

Experts recommend using a reliable security solution on all your devices, including iOS and Android smartphones. It is also important to keep an eye on what is stored in the gallery - delete compromising photos and pictures with important data.

- You should not store screenshots with confidential information in the gallery. It is better to use special programs for this purpose - password managers, - said Sergey Puzan.


In addition, said Alexander Samsonov of Security Code, you should install applications only from official stores. Although malicious programs can be found there as well, as this example shows, the degree of application verification is at a high level. When installing programs from unofficial sources, the chance of "running into" unwanted software is much higher.

Before downloading a program, it is important to pay attention to user reviews and rating of the application, as well as check links in official sources.

- "Finally, if possible, you should limit the permissions that applications require. If the software asks for more than what the functionality suggests (why would a "flashlight" need geolocation?), it's a reason to be wary," Samsonov said.

If a person has downloaded an infected application (signs of this can include unusually high battery consumption, device slowdown, sudden crashes and pop-ups), Marina Probets, Internet analyst at Gazinformservice, advised uninstalling the software, rebooting the phone, and then fully scanning the gadget with an antivirus solution.
