Apple has removed 11 apps from the App Store after cybersecurity firm Kaspersky revealed they were infected with a new malware strain known as "SparkCat." The malware, embedded in apps such as ComeCome, WeTink, and AnyGPT, had the capability to scan users' photos and extract sensitive information through OCR (Optical Character Recognition) technology.

The malicious framework specifically targeted recovery phrases for cryptocurrency wallets, with attackers aiming to steal Bitcoin and other digital assets. However, it could also be used to extract passwords and other sensitive data from images and screenshots stored on iPhones.

While Apple took swift action to remove the identified apps, the company also discovered 89 additional apps containing the same malicious code. These had previously been rejected or removed from the App Store for violating Apple’s fraud policies. As per Apple's security protocols, developer accounts associated with fraudulent activity were also terminated.

For these apps to function, they required user permission to access the Photo Library. If granted, the malware could sift through images, searching for key phrases outlined by attackers and uploading relevant data to a remote server. Kaspersky noted that the malware campaign appeared to target users primarily in Europe and Asia.

Apple has emphasized the importance of security features introduced in iOS 14, which allow users to grant access to only selected photos rather than their entire library. Additionally, the App Privacy Report, available in the Settings app, provides users with a log of how frequently apps access sensitive data such as photos, location, microphone, and camera.

To protect against such threats, users are advised to avoid granting unnecessary permissions to apps and to regularly review their device’s privacy settings.