iPhone Users Alert as Kaspersky Identifies 26 Fake Crypto Wallet Apps

Kaspersky has warned iPhone users about 26 fraudulent cryptocurrency wallet apps on Apple’s App Store that could lead to stolen digital assets.

These apps are designed to look authentic but ultimately redirect users to phishing pages, where they are tricked into installing malware that can drain their crypto funds.

Fake Apps Disguised as Trusted Wallets

Kaspersky’s Threat Research team discovered that the malicious apps mimic well-known wallets such as MetaMask, Ledger, Trust Wallet, Coinbase, TokenPocket, imToken, and Bitpie. They replicate names and visual designs to appear legitimate.

Once launched, the apps redirect users to phishing pages that resemble the App Store. Users are then prompted to download another app, which is actually a compromised wallet capable of stealing funds.

How the Attack Unfolds

According to Kaspersky, the campaign has been active since at least late 2025 and is likely connected to the group behind SparkKitty, a known iOS malware strain.

Many official wallet apps are not available in the Chinese App Store, and most of the fake apps were distributed to users in China. However, the malicious payload does not have regional restrictions, meaning users in other countries could also be affected.

Kaspersky has reported all identified apps to Apple.

To avoid detection, these fake apps include simple unrelated features such as games, calculators, or task managers. This helps them pass initial review checks and appear harmless.

After installation, users are guided through steps that open a fake App Store page and encourage them to download what looks like the real wallet application.

Use of Developer Profiles to Install Malware

The process closely resembles the SparkKitty attack method and relies on Apple’s enterprise developer tools. Users are asked to install a developer profile on their device, which allows apps to be installed outside the App Store.

Attackers depend on users ignoring the risks of this step, which enables malicious software to be installed.

Once the trojanized wallet is in place, it behaves like the real wallet it imitates and targets both hot wallets and cold wallets.

Kaspersky expert Sergey Puzan explained that while the initial apps may not contain harmful code, they act as entry points in a larger attack chain that leads to malware installation. He warned that attackers can target any iOS device if users fall for the phishing process and advised users to stay cautious even on devices they consider secure.

Counterfeit Ledger Device Raises Additional Concerns

In a related case, a Brazilian cybersecurity researcher recently uncovered a fake Ledger Nano S Plus device, sold online, that was part of a sophisticated phishing scheme.

The device appeared authentic and was priced like a genuine product, but it failed verification when connected to Ledger Live.

When examined internally, the hardware showed clear signs of tampering. It contained components that do not exist in legitimate devices, including a modified chip and added WiFi and Bluetooth antennas.

Further analysis of the firmware revealed that PIN codes and seed phrases were stored in plain text and linked to external servers, indicating that the device was built to capture and transmit sensitive data.

The researcher clarified that this attack does not exploit any weakness in Ledger’s security. Instead, it relies on counterfeit hardware, malicious applications, and phishing techniques to deceive users and steal their information.