More than two dozen Apple App Store apps spoofing the well-known cryptocurrency wallets Coinbase, MetaMask, OneKey, and Trust Wallet have been leveraged to pilfer seed phrases and cryptocurrency assets from Chinese users as part of the FakeWallet attack campaign, which has been linked to the ongoing SparkKitty operation, reports BleepingComputer.

Opening each of the 26 fraudulent crypto wallet apps, all of which have since been removed by Apple, redirects to phishing pages impersonating legitimate crypto service portals that trick targets into downloading malicious wallet apps through iOS provisioning profiles, a technique evident in the SparkKitty campaign, an analysis from Kaspersky researchers showed. Included in the trojanized apps was additional code enabling mnemonic phrase interception, encryption, and exfiltration. Attackers could then harness the stolen phrases to drain wallets while making fund recovery impossible.

While Chinese users were primarily subjected to the campaign, operators may opt to use the malware, which has no geographic restrictions, in global intrusions. Such a development comes after an illicit Ledger Live app on the Apple App Store was reported to have enabled the theft of $9.5 million worth of cryptocurrency from 50 macOS users.
Application security, Malware, Threat Intelligence

Crypto stealing wallet apps proliferate in Apple App Store





