Kaspersky researchers uncovered a malicious app called ComeCome, available in both the Apple App Store and Google Play Store, that is equipped with optical character recognition (OCR) spyware. This malware is designed to extract cryptocurrency wallet recovery phrases from screenshots, enabling attackers to access and steal funds from victims' crypto wallets. Despite rigorous screening by the app stores, this type of malware managed to get into both of them, highlighting vulnerabilities in both iOS and Android platforms. The case emphasizes the importance of keeping sensitive information like seed phrases offline and secure from such threats.
Our investigation revealed that the attackers were targeting crypto wallet recovery phrases, which were sufficient for gaining full control over a victim's crypto wallet to steal the funds.
This case once again shatters the myth that iOS is somehow impervious to threats posed by malicious apps.