A SIMPLE iPhone mistake made by millions could result in owners' banks being raided via rogue apps. The malware can be innocently downloaded from the App Store onto any iOS product, including iPads - and allows hackers to "see everything on your screen", experts warned. This is particularly problematic if you keep screenshots of your passwords on your phone - a technique used by many to keep track of their details.
![[Hooded figure using a laptop, obscured by a background of cascading numbers.]](https://www.thesun.co.uk/wp-content/uploads/2025/02/mountain-parker-hooded-man-hacker-911629714.jpg?strip=all&w=960)
An investigation by cybersecurity company Kaspersky revealed that this malware, nicknamed "SparkCat", is designed to scout out sensitive information within screenshots. As well as passwords to bank accounts, it can also mine for crypto information such as recovery phrases for crypto wallets. This means the scammers can steal bitcoin and other cryptocurrency. The dodgy software works by asking users for permission to access photos on the device.
![[Finger touching App Store icon on an iPad screen.]](https://www.thesun.co.uk/wp-content/uploads/2025/02/clicking-app-store-icon-new-739469505.jpg?strip=all&w=960){kind=icon}
It then uses spyware to sift through all the files for desirable information. The issue has been made worse by the fact that many iOS users believe their devices to be immune from cyber-attacks, the experts added. They added that SparkCat, which is specific to iOS, has been around since around March last year. However, similar malware targeting other types of device - such as Androids and PCs - has been around for longer.
It comes after mobile banking customers were issued an urgent alert over a new "trick" that can drain accounts of money within seconds. The scam works by cloning the bank's phone number - gaining trust from customers by telling them to look up the number online. They also use the same hold music to add to the illusion. The crooks then pretend to be from the bank's fraud team - and ask for victims' bank details.
One jeweller lost £50,000 in such a scam, after scammers rang him pretended to be from Barclays. The businessman, who is in his 70s, said the long-established family-run jewellers is still recovering from the financial shock. The caller warned him of unusual activity on his account - as a payment of £18,123 had been paid to Energy One Limited. “I checked it was a genuine Barclays number, and they asked me to confirm my overdraft limit for security reasons,” said the jeweller.
“They even used the same horrible hold music that Barclays play, which I’ve heard so many times before in legitimate circumstances. There seemed no reason to think it was not them.”. Believing he was now speaking to ‘Charlie Adams’ from the Barclays fraud team, the victim was instructed to log in to his business bank accounts on his desktop computer. From there he unknowingly downloaded AnyDesk, a programme that gives third parties access to your computer - and the fraudsters subsequently managed to withdraw £48,451.78 from two accounts.
