The apps use phishing and malicious installs to steal user funds.

Kaspersky finds 26 fake crypto wallets in the App Store

23.04.2026 - 10:45


Key points:

  • Kaspersky identified 26 fake crypto wallets in the App Store posing as well-known services.
  • The apps redirect users to phishing pages and install malicious wallets.

Kaspersky researchers have uncovered 26 fake crypto wallet apps in the Apple App Store. All of them mimic well-known services and are designed to steal users’ funds.

The apps copy the names and interfaces of popular wallets, including MetaMask, Trust Wallet, Ledger, and Coinbase. Once opened, they redirect users to a phishing page that prompts them to install an “update.” In reality, this is a malicious app that can access crypto assets.

How the Scheme Works

According to Kaspersky, the campaign has been active since at least fall 2025. Researchers have linked it to SparkKitty, a previously identified strain of iOS malware.

Many of the apps were distributed through the Chinese version of the App Store, where official versions of some wallets are unavailable. However, the campaign is not region-specific—users worldwide could be affected. Kaspersky has already reported the apps to Apple.


To pass App Store review, attackers include basic features like calculators or mini-games to make the apps appear legitimate. After installation, users are guided through a series of steps that ultimately lead to downloading a malicious wallet.

The scheme relies on Apple’s enterprise tools to install apps outside the App Store. Users are prompted to install a developer profile—this is the point where the device becomes compromised.

Once installed, the malicious wallet mimics the interface of the legitimate service and can access both hot and cold wallets.
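For defenders triaging an app package pulled from a device, the following added example (not from Kaspersky or this article) classifies a provisioning profile by distribution type and flags enterprise in-house signing. It assumes the "enterprise tools" described above leave an `embedded.mobileprovision` with `ProvisionsAllDevices` set inside the sideloaded app; the function names and sample profiles are constructed for illustration.

```python
import plistlib

def extract_profile(blob: bytes) -> dict:
    """Pull the XML plist out of a CMS-wrapped .mobileprovision blob.
    The CMS signature is not verified here; this is triage only."""
    start = blob.find(b"<?xml")
    if start < 0:
        raise ValueError("no embedded plist found")
    end = blob.find(b"</plist>", start)
    if end < 0:
        raise ValueError("truncated plist")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify(profile: dict) -> str:
    """Map profile keys to a distribution type."""
    if profile.get("ProvisionsAllDevices") is True:
        return "enterprise"          # in-house: installs on any device
    if "ProvisionedDevices" in profile:
        ent = profile.get("Entitlements", {})
        return "development" if ent.get("get-task-allow") else "ad-hoc"
    return "app-store"               # no device list, no all-devices flag

def triage(blob: bytes) -> dict:
    profile = extract_profile(blob)
    kind = classify(profile)
    return {
        "name": profile.get("Name", "?"),
        "team": profile.get("TeamName", "?"),
        "kind": kind,
        # A consumer wallet signed for in-house distribution warrants review.
        "review": kind == "enterprise",
    }

def _wrap(d: dict) -> bytes:
    # Constructed stand-in for the binary CMS envelope around the plist.
    return b"\x30\x82\x0f\x00" + plistlib.dumps(d) + b"\x00\x01"

# Constructed sample profiles (not real indicators).
ENTERPRISE_SAMPLE = _wrap({"Name": "Constructed In-House", "TeamName": "Example Co",
                           "ProvisionsAllDevices": True,
                           "Entitlements": {"get-task-allow": False}})
ADHOC_SAMPLE = _wrap({"Name": "Constructed Ad Hoc", "TeamName": "Example Co",
                      "ProvisionedDevices": ["0000-CONSTRUCTED"],
                      "Entitlements": {"get-task-allow": False}})
STORE_SAMPLE = _wrap({"Name": "Constructed Store", "TeamName": "Example Co",
                      "Entitlements": {"get-task-allow": False}})

if __name__ == "__main__":
    for sample in (ENTERPRISE_SAMPLE, ADHOC_SAMPLE, STORE_SAMPLE):
        print(triage(sample))
```

An enterprise result is not malicious by itself, since organizations legitimately distribute internal apps this way; it is a signal when the app claims to be a public wallet.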

Experts warn that even if an app appears safe, it may be part of a broader attack chain. The scheme relies on user inattention and trust in the iOS ecosystem.
