Top Highlights
- Malicious apps impersonating popular cryptocurrency wallets on the Apple App Store have been used since 2025 to steal recovery phrases and private keys, employing phishing and trojanized app techniques.
- Attackers leverage fake apps with typos and misleading icons, redirecting users to phishing sites or injecting malicious code to exfiltrate wallet mnemonics.
- The Android malware framework MiningDropper combines cryptocurrency mining with data theft and remote access, using layered obfuscation and multi-stage payloads to evade detection and facilitate monetization.
Threat, Attack Techniques, and Targets
Cybersecurity researchers found 26 fake cryptocurrency wallet apps on the Apple App Store. These apps pretend to be popular wallets such as MetaMask, Ledger, and Trust Wallet, and they aim to steal users’ recovery phrases and private keys. Their icons closely resemble those of the real wallet apps, but their names contain small typos. Some of the apps claim that the real wallet is unavailable in the App Store due to regulations and act only as placeholders. The apps redirect users to fake browser pages that imitate the real app or the App Store, where users are tricked into entering sensitive information or into downloading malicious versions of legitimate wallets. The threat actors deliver their malware through library injection or by modifying the app’s original code. Chinese-speaking threat actors are suspected to be behind the campaigns. Their goal is to capture seed phrases, send them to external servers, and take control of victims’ crypto wallets. They also use optical character recognition (OCR) to extract recovery phrases from images stored on the device.
Impact, Security Implications, and Remediation Guidance
These fake apps pose serious security risks. They can lead to the theft of cryptocurrency assets and loss of funds, and victims may unknowingly give attackers full access to their wallets. The apps’ tactics show that attackers are becoming more sophisticated: they combine phishing notifications, embedded malware, and fake websites to deceive users. Users should therefore be very cautious when downloading wallet apps and verify the developer name and app listing before installing. Removing these malicious apps is important. Apple has already taken many of them down, but users should still ensure they install wallet apps only from trusted sources and the official vendor links. Anyone who suspects they have installed a fake app or have been compromised should move their funds to a fresh wallet with a newly generated seed phrase and seek guidance from the app vendor or trusted cybersecurity sources. Staying informed and following basic security practices remains essential.