ACCORDING to Kaspersky, over two dozen fake cryptocurrency applications targeting iOS have been published to the Apple App Store, in a campaign dubbed FakeWallet that has been ongoing since at least the fall of 2025. The 26 phishing apps mimicked major wallets such as Bitpie, Coinbase, imToken, Ledger, MetaMask, TokenPocket, and Trust Wallet, with some others not using crypto-related names but still enticing users to download forged wallets.
The attackers began to notice in March, after the apps appeared frequently in search results on the Chinese App Store, and researchers say the threat actor used typosquatting to impersonate legitimate wallet providers. The phishing apps were designed to harvest recovery phrases and seed phrases and to hijack wallet restoration methods, with some implants also targeting Ledger cold wallets.
The campaign’s threat actor appears linked to the SparkKitty malware identified last year, and Apple has been informed and is removing the malicious apps, according to SecurityWeek. The article, written by Ionut Arghire, was published on 21 April 2026.