Malicious Crypto Apps - Over Two Dozen Found in App Store

Dozens of fake crypto apps have been found in the Apple App Store, targeting users to steal sensitive information. This poses a serious risk to cryptocurrency holders. Apple is working to remove these malicious apps.


Original Reporting

SecurityWeek · Ionut Arghire

AI Summary

CyberPings AI · Reviewed by Rohit Rana

🎯 Basically, fake cryptocurrency apps are tricking users to steal their account information.

What Happened

Over two dozen fake cryptocurrency applications have been discovered on the Apple App Store, posing as legitimate wallets. This malicious campaign, dubbed FakeWallet, has been targeting iOS users since at least fall 2025. The apps were designed to steal users’ recovery phrases and private keys, making them highly dangerous for anyone involved in cryptocurrency.

How It Works

The malicious apps were first identified in March 2026, particularly in the Chinese App Store. With many official wallet applications unavailable in China due to restrictions, threat actors exploited this gap by mimicking popular wallet names and icons. They used a technique called typosquatting, which tricks users into downloading these fraudulent applications by creating lookalike names.

Kaspersky identified a total of 26 phishing applications that impersonated major wallets like Bitpie, Coinbase, and MetaMask. Some of these apps did not even use cryptocurrency-related names but instead lured users with banners promising access to official wallets. The malicious code was often embedded directly into the app's source code or delivered through libraries, enabling the theft of sensitive information.
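The lookalike-name pattern described above can be checked against an app inventory, for example on managed devices. The following is an added example, not code from the original report or from Kaspersky: the publisher strings, the fold table and the sample listings are constructed placeholders, and only the three wallet names come from the article.

```python
import unicodedata
from difflib import SequenceMatcher

# Wallet brands named in the article. Publisher strings are constructed
# placeholders, not the real App Store seller names.
KNOWN_WALLETS = {
    "metamask": "PLACEHOLDER-METAMASK-PUBLISHER",
    "coinbase": "PLACEHOLDER-COINBASE-PUBLISHER",
    "bitpie": "PLACEHOLDER-BITPIE-PUBLISHER",
}

# Small, non-exhaustive fold table (assumption) for digit and Cyrillic lookalikes.
CONFUSABLES = str.maketrans({
    "0": "o", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c", "\u0456": "i",
})

def normalize(text):
    """NFKC-fold, lower-case, map confusables, keep only letters and digits."""
    folded = unicodedata.normalize("NFKC", text).lower().translate(CONFUSABLES)
    return "".join(ch for ch in folded if ch.isalnum())

def classify(title, publisher, threshold=0.8):
    """Return (verdict, brand): 'official', 'lookalike' or 'unrelated'."""
    squashed = normalize(title)
    tokens = [normalize(t) for t in title.split()]
    for brand, owner in KNOWN_WALLETS.items():
        best = max((SequenceMatcher(None, brand, t).ratio() for t in tokens), default=0.0)
        if brand in squashed or best >= threshold:
            return ("official" if publisher == owner else "lookalike", brand)
    return ("unrelated", None)

def audit(listings):
    """Return (title, brand) for every listing that imitates a known wallet."""
    return [(t, b) for t, p in listings for v, b in [classify(t, p)] if v == "lookalike"]

# Constructed sample inventory (titles and publishers are made up for the example).
SAMPLE = [
    ("MetaMask", "PLACEHOLDER-METAMASK-PUBLISHER"),
    ("M\u0435taMask Wallet", "Constructed Dev A"),   # Cyrillic 'е' in place of 'e'
    ("Coinbasse Pro", "Constructed Dev B"),          # doubled letter
    ("Bitpie", "Constructed Dev C"),                 # exact name, wrong publisher
    ("Calculator Pro", "Constructed Dev D"),
]

if __name__ == "__main__":
    for title, brand in audit(SAMPLE):
        print(f"review: {title!r} resembles {brand!r} but publisher does not match")
```

A name check of this kind does not cover the apps the report says avoided cryptocurrency-related names and relied on in-app banners instead, so it complements publisher verification rather than replacing it.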

Who's Being Targeted

While the primary focus appears to be on Chinese-speaking users, the malicious features of these apps do not have regional restrictions. Some phishing notifications adapted to the app’s language, indicating that users outside of China could also be at risk. This broad targeting raises concerns for cryptocurrency holders worldwide.

Signs of Infection

Users may notice unusual behavior from their cryptocurrency wallets, such as unexpected prompts for recovery phrases or links directing them to suspicious websites. If an app appears to be a wallet but is not from a recognized developer, it should be treated with caution.

How to Protect Yourself

To safeguard against these threats, users should:

Detection

  1. Verify App Sources: Only download apps from official sources and check developer credentials.
  2. Avoid Typosquatting: Be wary of apps with similar names to legitimate wallets.

Removal

  3. Enable Two-Factor Authentication: Use additional security measures for your cryptocurrency accounts.
  4. Report Suspicious Apps: Notify Apple or relevant authorities if you encounter any suspicious applications.

Conclusion

Apple has been alerted to the presence of these malicious apps and has begun removing them from the App Store. However, users must remain vigilant and proactive in protecting their cryptocurrency assets against such threats. The FakeWallet campaign serves as a stark reminder of the evolving tactics used by cybercriminals in the cryptocurrency space.

🔒 Pro Insight

The FakeWallet campaign exemplifies how threat actors exploit regional app restrictions, making user awareness crucial in cybersecurity.