
"The malicious campaign, dubbed FakeWallet, has been ongoing since at least the fall of 2025, focused on stealing users' recovery phrases and private keys."
"Kaspersky identified a total of 26 such phishing applications that mimicked major wallets such as Bitpie, Coinbase, imToken, Ledger, MetaMask, TokenPocket, and Trust Wallet."
"The phishing applications were designed to open a link in the browser in an attempt to trick the user into installing infected versions of crypto wallets."
"Code analysis revealed the presence of functions to harvest users' recovery phrases and seed phrases, and to hijack the methods the app calls when users attempt to restore their hot wallets."
A malicious campaign named FakeWallet has been targeting iOS users since fall 2025, with over 26 fake cryptocurrency applications identified in the Apple App Store. These apps mimic legitimate wallet names and icons to deceive users, particularly in China, where official wallets are restricted. Some apps entice users with banners for unavailable wallets. The malicious apps are designed to harvest recovery phrases and seed phrases, with potential for future updates to activate phishing features. The threat actors also linked other applications without phishing functionality to this campaign.
Read at SecurityWeek