Securelist
FakeWallet Crypto Stealer Targets iOS Users via Phishing Apps
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
In March 2026, Kaspersky identified over twenty phishing applications in the Apple App Store that impersonate popular cryptocurrency wallets. These malicious apps redirect users to fraudulent web pages that mimic the App Store and distribute trojanized versions of legitimate wallets, specifically designed to steal recovery phrases and private keys. The campaign has been active since at least fall 2025 and primarily affects users in China, where official crypto wallet apps are often unavailable. The attackers employ typosquatting techniques to bypass App Store filters, using similar icons and names to deceive users. Kaspersky has reported these findings to Apple, resulting in the removal of several malicious apps. The phishing apps contain stubs that appear legitimate but ultimately lead to malicious links. Victims who install these apps may unknowingly grant permissions that allow for the installation of further malicious software.
Key Points: • Over 20 phishing apps impersonating crypto wallets identified in the App Store. • Malicious apps primarily target users in China due to regional restrictions. • Attackers use typosquatting and stubs to deceive users into installing malware.