
Crypto Wolves in Apple’s Orchard: Fake Wallet Apps Slip Past App Store Defenses

Published: 21 April 2026 17:03 | Category: Security Awareness & Social Engineering | Geo: Asia | Author: AUDITWOLF

A sophisticated phishing campaign has infiltrated the Apple App Store, targeting crypto users with bogus wallet apps designed to steal their digital fortunes.

When you think of the Apple App Store, security is supposed to be a given. But in a digital heist reminiscent of a high-stakes thriller, cybercriminals have managed to sneak dozens of malicious cryptocurrency wallet apps past Apple’s famed review process, leaving users’ digital assets dangerously exposed.

The FakeWallet campaign, first flagged by cybersecurity firm Kaspersky, exploited a gap in the Chinese App Store: with many official wallet apps banned in China, scammers seized the opportunity to mimic legitimate brands like Coinbase, MetaMask, Ledger, and Trust Wallet. Using lookalike names, icons, and even subtle typos, the malicious apps surfaced in search results, luring users searching for trusted crypto solutions.

But the deception didn’t stop at appearances. Once installed, these apps deployed code that harvested users’ recovery phrases and private keys, the digital equivalents of a safe’s combination. By hijacking the wallet restoration process, the malware could silently intercept sensitive information, granting attackers access to victims’ funds. Some apps even targeted cold wallets, including popular hardware devices like Ledger, by tricking users into visiting fake websites and downloading compromised software.

While the campaign initially focused on Chinese speakers, Kaspersky’s analysis revealed that the malicious code was adaptable, with phishing messages automatically switching languages based on the user’s device. This suggests that anyone, anywhere, searching for crypto wallet apps on the App Store could be at risk.

Further investigation linked the campaign to the SparkKitty malware family, known for its focus on cryptocurrency theft and its use of Chinese-language code. Notably, some apps in the scheme appeared benign at first glance, but Kaspersky’s experts believe hidden malicious features could be remotely activated in future updates, turning sleeper apps into active threats overnight.

Apple, informed by the researchers, has begun purging the rogue apps from its store. Yet the incident raises uncomfortable questions about the limits of even the most stringent app marketplace defenses, and the ever-evolving tactics of cybercriminals hungry for crypto spoils.

As digital assets go mainstream, the battleground between security and subterfuge is only intensifying. This latest breach is a chilling reminder: in the world of crypto, trust must be earned and double-checked, even in walled gardens like the App Store.
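The lookalike names and subtle typos described above can be triaged on the defender side by comparing a store listing's name and seller against an allowlist of official wallet publishers. The sketch below is an added example, not code from Kaspersky's analysis or from this article; the function names, the seller placeholders and the small confusable-character map are assumptions made for illustration.

```python
import unicodedata

# Brands named in the article. Seller strings are constructed placeholders:
# fill them from each vendor's official site before use.
ALLOWLIST = {
    "Coinbase": "SELLER-PLACEHOLDER-1",
    "MetaMask": "SELLER-PLACEHOLDER-2",
    "Ledger": "SELLER-PLACEHOLDER-3",
    "Trust Wallet": "SELLER-PLACEHOLDER-4",
}
# Small, non-exhaustive confusable map: digits and Cyrillic lookalikes.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o",
                             "\u0441": "c", "\u0440": "p"})

def skeleton(text):
    """Fold case, accents, confusables and punctuation into a comparison key."""
    text = unicodedata.normalize("NFKD", text).casefold()
    text = "".join(c for c in text if not unicodedata.combining(c))
    return "".join(c for c in text.translate(CONFUSABLES) if c.isalnum())

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def closest_brand(listing_name, max_dist=1):
    """Return the brand whose name appears, within max_dist edits, in the listing."""
    sk = skeleton(listing_name)
    for brand in ALLOWLIST:
        key = skeleton(brand)
        for width in (len(key) - 1, len(key), len(key) + 1):
            for i in range(max(1, len(sk) - width + 1)):
                if edit_distance(sk[i:i + width], key) <= max_dist:
                    return brand
    return None

def review(listing_name, seller):
    """Classify a store listing as 'official', 'lookalike:<brand>' or 'unrelated'."""
    brand = closest_brand(listing_name)
    if brand is None:
        return "unrelated"
    return "official" if seller == ALLOWLIST[brand] else f"lookalike:{brand}"
```

A `lookalike:` result means the listing borrows a known brand's name without coming from the expected seller, so it should be checked manually against the vendor's official download page before installation.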

WIKICROOK

  • Recovery Phrase: A recovery phrase is a set of words that lets you restore and control a crypto wallet. Anyone with it can access the wallet’s funds.
  • Private Key: A private key is a secret code that gives access and control over digital assets or cryptocurrency wallets; anyone with it can access the funds.
  • Phishing: Phishing is a cybercrime where attackers send fake messages to trick users into revealing sensitive data or clicking malicious links.
  • Typosquatting: Typosquatting is when attackers use lookalike names of trusted sites or software to trick users into visiting fake sites or downloading malware.
  • Cold Wallet: A cold wallet securely stores cryptocurrency offline, protecting it from online hacks and unauthorized access by keeping private keys disconnected from the internet.