BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Fake Apps on Apple Store Steal Crypto Keys

FakeWallet and MiningDropper malware target crypto wallets on iOS and Android

  • Researchers discovered 26 malicious apps on the Apple App Store, dubbed FakeWallet, designed to steal cryptocurrency wallet recovery phrases and private keys.
  • The scam, active since at least fall 2025, cleverly mimicked major wallets like Bitpie, Coinbase, and Ledger to deceive users.
  • In a separate development, cybersecurity experts identified MiningDropper, a sophisticated Android malware framework combining coin mining with information theft.
  • The threat actors employed new tactics, from abusing iOS provisioning profiles to using phishing apps directly in the App Store to deliver their payloads.

Cybersecurity researchers from Kaspersky have uncovered a cluster of malicious apps on Apple’s official App Store that impersonate popular cryptocurrency wallets to steal sensitive user data, a campaign active since at least the fall of 2025. These apps, primarily available to users with Apple accounts set to China, represent a significant escalation in mobile-based crypto-theft schemes targeting both hot and cold storage solutions.

- Advertisement -

Dubbed FakeWallet, the 26 apps mimicked wallets from providers like MetaMask, Trust Wallet, and Ledger using typos in their names and copied icons. However, Kaspersky researcher Sergey Puzan explained that “once launched, these apps redirect users to browser pages designed to look similar to the App Store and distribute trojanized versions of legitimate wallets.”

The infected applications were engineered to hijack recovery phrases either by code injection or by presenting fake verification pages. Consequently, the stolen mnemonic phrases were exfiltrated to external servers, granting attackers full control to drain victims’ digital assets.

This campaign is suspected to be linked to actors behind the SparkKitty trojan, as both operations target cryptocurrency assets and appear to be the work of native Chinese speakers. Meanwhile, the discovery of FakeWallet coincides with a report on a separate, sophisticated Android threat.

Cybersecurity firm Cyble has detailed a new Android malware delivery framework called MiningDropper. This modular malware, distributed via trojanized apps and fake banking websites, combines cryptocurrency mining with capabilities for information theft and remote access. According to Cyble, who published the analysis, “MiningDropper employs a multi-stage payload delivery architecture that combines XOR-based native obfuscation, AES-encrypted payload staging, dynamic DEX loading, and anti-emulation techniques.”

- Advertisement -

The framework demonstrates a layered architecture designed to complicate analysis while providing flexibility in final payload delivery. This dual-threat landscape underscores the evolving sophistication of malware targeting cryptocurrency users on mobile platforms.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

CISA Adds Critical Microsoft SharePoint Flaw CVE-2026-58644 to KEV Catalog

CISA added a critical Microsoft SharePoint Server vulnerability, CVE-2026-58644, to its Known Exploited Vulnerabilities...

Bitcoin Bears Strike Again: BTC Rejected at $64k

Bitcoin (BTC) faced another rejection at the $64,000 resistance level, falling 1.7% in the...

Black: SpaceX acquiring Tesla would dilute shareholders 25%

Gary Black rejected speculation that SpaceX could acquire Tesla, warning such a deal could...

Bybit launches Indonesia platform after acquiring NOBI

Bybit launched a locally operated platform in Indonesia after acquiring a majority stake in...

Bitcoin Futures Liquidity Drives Price Action Near Key $64K Level

Bitcoin's short-term price action is increasingly driven by futures market activity, with prices gravitating...

Must Read

8 Best Bitcoin Offshore Hosting Providers

In this blog post, we'll list the top 8 best bitcoin offshore hosting providers that accept Bitcoin and other cryptocurrencies.As Bitcoin continues to grow...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading