iPhone Users Beware: Kaspersky Flags 26 Fake Crypto Wallet Apps That Could Drain Your Funds

🤖 GG AI Summary

Kaspersky has discovered 26 fake crypto wallet apps on Apple's App Store that mimic popular wallets to steal users' funds via phishing and trojanized software. These apps, primarily targeting users in China but potentially affecting others, use deceptive tactics like fake App Store pages and require users to install risky developer profiles. Kaspersky has reported these apps to Apple to mitigate the threat.

Cybersecurity firm Kaspersky has identified 26 fraudulent cryptocurrency wallet applications on Apple’s App Store that are designed to steal users’ digital assets. The company’s Threat Research team found that the apps imitate popular crypto wallets, such as MetaMask, Ledger, Trust Wallet, Coinbase, TokenPocket, imToken, and Bitpie, by copying their names and visual branding to appear legitimate. Once opened, these applications redirect users to phishing pages that resemble the App Store interface and prompt them to download a second application, which is actually a trojanized wallet that can drain cryptocurrency funds.

How The Scam Works

Kaspersky said the campaign has been active since at least fall 2025 and, with “moderate confidence,” linked it to the threat actors behind SparkKitty, a previously identified iOS malware strain. Official versions of many of these wallet apps are not available in the Chinese iOS App Store; most of the detected phishing apps were distributed specifically to users in China, though the malicious payload itself does not include regional restrictions. This essentially means that users outside China could also be affected. Kaspersky confirmed it has reported all identified apps to Apple.

According to the findings, the fraudulent apps include basic, unrelated features such as games, calculators, or task managers to create an appearance of legitimacy and pass initial scrutiny. After installation, they guide users through a process that opens a fake App Store webpage and encourages them to download what appears to be the intended wallet application.

This installation process works similarly to SparkKitty, using Apple’s enterprise developer tools for corporate app distribution. Users are prompted to install a developer profile on their device, which allows them to install apps from outside the App Store. Attackers rely on users overlooking this step, enabling the installation of malicious software. Once installed, the trojanized wallet ap...
