- 26 fraudulent crypto wallet apps were found impersonating major platforms.
- Attackers use phishing and Apple developer tools to install malware.
- Even hardware wallets can be faked to steal sensitive crypto data.
A new investigation by cybersecurity firm Kaspersky has uncovered a coordinated phishing campaign involving 26 fake cryptocurrency wallet apps on Apple’s App Store. The fraudulent apps impersonate trusted platforms such as MetaMask, Ledger, Trust Wallet, and Coinbase, aiming to trick users into handing over access to their digital assets.
How the Fake Wallet Apps Trick Users
According to Kaspersky’s Threat Research team, the malicious apps closely replicate the branding and names of legitimate crypto wallets to appear authentic. Once downloaded, they prompt users to install a second application through a fake App Store interface. This second app is a trojanized wallet designed to steal funds.
The campaign has reportedly been active since late 2025 and shows similarities to the previously identified SparkKitty malware strain. While many of the apps were initially distributed in China—where official versions of some wallets are unavailable—the underlying attack method is not region-specific. This means users worldwide could be exposed.
Exploiting Apple’s Enterprise Tools
One of the more concerning aspects of the scheme is its use of Apple’s enterprise developer tools. Victims are guided to install a developer profile, allowing apps to be installed outside the App Store’s standard review process.
To evade detection, these fake apps often include harmless features like simple games or calculators. These additions help them pass Apple’s initial screening while masking their real intent. Once the trojanized wallet is installed, it mimics the behavior of legitimate apps, making it difficult for users to detect the threat.
Kaspersky researcher Sergey Puzan warned that the apps themselves may appear harmless but act as entry points in a broader attack chain. Attackers rely heavily on social engineering, counting on users to overlook security prompts during installation.
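As an added example (not code from Kaspersky's report or from this article), the sketch below shows how a defender reviewing an iOS app package could tell whether it was signed for enterprise distribution rather than for the App Store. It assumes the "developer profile" described above is an enterprise provisioning profile shipped in the package as embedded.mobileprovision; the function names, team names and team IDs are hypothetical placeholders.

```python
import plistlib

def extract_profile(blob: bytes) -> dict:
    """Return the XML plist carried inside a CMS-wrapped .mobileprovision blob.
    The CMS signature is NOT verified here; this is triage, not trust."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", max(start, 0))
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify(profile: dict) -> str:
    """Map profile keys to a distribution type."""
    if profile.get("ProvisionsAllDevices") is True:
        return "enterprise"          # in-house: installs on any device
    if "ProvisionedDevices" in profile:
        debuggable = profile.get("Entitlements", {}).get("get-task-allow", False)
        return "development" if debuggable else "ad-hoc"
    return "app-store"

def triage(blob: bytes, approved_team_ids: set) -> dict:
    """Flag enterprise-signed apps whose team is not one the organisation approved."""
    profile = extract_profile(blob)
    kind = classify(profile)
    teams = set(profile.get("TeamIdentifier", []))
    return {
        "kind": kind,
        "team_name": profile.get("TeamName", ""),
        "team_ids": sorted(teams),
        "flag": kind == "enterprise" and not (teams & approved_team_ids),
    }

def _wrap(profile: dict) -> bytes:
    """Constructed stand-in for the CMS envelope around the plist."""
    return b"\x30\x82CONSTRUCTED-CMS" + plistlib.dumps(profile) + b"CONSTRUCTED-SIG"

# Constructed samples; team IDs and names are placeholders.
SAMPLE_ENTERPRISE = _wrap({"TeamName": "Example Trading Co", "TeamIdentifier": ["PLACEHOLD1"],
                           "ProvisionsAllDevices": True,
                           "Entitlements": {"get-task-allow": False}})
SAMPLE_STORE = _wrap({"TeamName": "Example Wallet Inc", "TeamIdentifier": ["PLACEHOLD2"],
                      "Entitlements": {"get-task-allow": False}})

if __name__ == "__main__":
    for name, blob in (("enterprise", SAMPLE_ENTERPRISE), ("store", SAMPLE_STORE)):
        print(name, triage(blob, approved_team_ids={"PLACEHOLD9"}))
```

A wallet app from a major vendor has no reason to carry an enterprise profile, so an "enterprise" result from an unapproved team is a strong signal that the package did not come through App Store review.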
Counterfeit Hardware Adds to Threat Landscape
The report comes alongside another alarming discovery: a counterfeit Ledger Nano S Plus device sold online. A Brazilian cybersecurity researcher found that the device contained modified internal components, including unauthorized wireless modules and altered firmware.
Further analysis revealed that sensitive data such as PIN codes and seed phrases were stored in plain text and transmitted to external servers. Importantly, this was not due to a flaw in Ledger’s technology but rather a sophisticated phishing setup involving fake hardware and malicious software.
Kaspersky’s findings highlight the evolving tactics used by crypto scammers, combining fake apps, phishing pages, and even counterfeit hardware. As digital asset adoption grows, so does the sophistication of attacks. Users are advised to verify app sources, avoid installing unknown developer profiles, and remain cautious—even on trusted devices like iPhones.
Disclaimer: The information in this article is for general purposes only and does not constitute financial advice. The author’s views are personal and may not reflect the views of Chain Affairs. Before making any investment decisions, you should always conduct your own research. Chain Affairs is not responsible for any financial losses.
