FakeWallet Crypto Stealer Targets iOS Users via Phishing Apps

FakeWallet Crypto Stealer Targets iOS Users via Phishing Apps

First seen 20 Apr 2026, 09:57 UTC SecurelistKasperskyBleepingcomputersecurelist.comcoincodex.com 93% similarity 71.0

Article Content

Browse articles
ThreatCluster

In March 2026, Kaspersky identified over twenty phishing applications in the Apple App Store that impersonate popular cryptocurrency wallets. These malicious apps redirect users to fraudulent web pages that mimic the App Store and distribute trojanized versions of legitimate wallets, specifically designed to steal recovery phrases and private keys. The campaign has been active since at least fall 2025 and primarily affects users in China, where official crypto wallet apps are often unavailable. The attackers employ typosquatting techniques to bypass App Store filters, using similar icons and names to deceive users. Kaspersky has reported these findings to Apple, resulting in the removal of several malicious apps. The phishing apps contain stubs that appear legitimate but ultimately lead to malicious links. Victims who install these apps may unknowingly grant permissions that allow for the installation of further malicious software.

Key Points: • Over 20 phishing apps impersonating crypto wallets identified in the App Store. • Malicious apps primarily target users in China due to regional restrictions. • Attackers use typosquatting and stubs to deceive users into installing malware.

ThreatCluster AI

Timeline

2025-03-01
Campaign identified with over 20 phishing apps in the App Store.
2025-10-01
Malware campaign suspected to be active since fall 2025.
2026-04-20
Kaspersky reports findings and some apps removed from the App Store.

Community

Browse all →