26 Trojan Crypto Wallet Apps Infiltrated Apple's App Store, Kaspersky Warns

Cybersecurity firm Kaspersky has flagged 26 counterfeit iOS applications posing as popular crypto wallets and built to drain user funds.

Fake Wallet Apps Exposed

The apps cloned the branding of MetaMask, Ledger, Trust Wallet, Coinbase, TokenPocket, imToken and Bitpie, according to findings published by Kaspersky's Threat Research team.

Once opened, the apps redirected users to phishing pages that mimicked the App Store and pushed a second, trojanized wallet. The outer shells carried stub features like calculators, games or task managers to slip past Apple's review.

Kaspersky tied the campaign, dubbed FakeWallet, to the SparkKitty operators with moderate confidence and traced activity back to fall 2025. Apple has since removed the apps after Kaspersky's disclosure.

Also Read:$292M KelpDAO Hack Highlights Ethereum Weakness, Hoskinson Says

SparkKitty Threat Widens

Sergey Puzan, a mobile malware expert at Kaspersky, warned that more trojanized crypto apps could surface using the same tactic, and urged iPhone owners not to treat the device as inherently safe.

Security researchers at SecurityWeeknoted most detections hit Chinese users, yet the malware itself carries no regional limits.

Apple's app ecosystem has faced mounting scrutiny over crypto fraud. Last week, a separate fake Ledger app on the store was reported to have drained $9.5 million from 50 macOS users, underscoring a pattern of wallet impersonation slipping through official review channels in recent months.

Read Next:CHIP Volume Now Outpaces Market Cap As Traders Pile In