Kaspersky is informing about a novel form of mobile malware.

This particular malware employs optical character recognition (OCR) to scrutinize a device’s image gallery, searching for screenshots of recovery phrases associated with crypto wallets. According to their evaluation, compromised Google Play applications have been installed over 242,000 times. Kaspersky states: “This represents the first identified instance of an application harboring OCR spyware located in Apple’s official app store.”

That’s a strategy I haven’t encountered before.