Warning to Traders: 26 FakeWallets Found on the App Store!

2026-05-02
Warning to Traders: 26 FakeWallets Found on the App Store!

A new warning has shaken the crypto community after researchers found 26 fake crypto wallet apps on Apple’s App Store. The apps were designed to look like trusted wallet brands, but their real purpose was to steal seed phrases and private keys. 

For traders, the discovery is a sharp reminder that a familiar logo is not enough. In crypto, one wrong download can give criminals full access to a wallet and every asset inside it.

Key Takeaways

  • Researchers found 26 FakeWallet apps on Apple’s App Store.
  • The apps targeted seed phrases and private keys.
  • Traders should only download wallets from verified official sources.

sign up on Bitrue and get prize

Trade with confidence. Bitrue is a secure and trusted crypto trading platform for buying, selling, and trading Bitcoin and altcoins.

Register Now to Claim Your Prize!

FakeWallet Apps Target Popular Crypto Wallet Users

crypto wallet.

Kaspersky Threat Research reported that the 26 fraudulent apps copied well known crypto wallet brands, including MetaMask, Ledger, Trust Wallet, Coinbase, TokenPocket, imToken, and Bitpie. 

The campaign has been active since at least fall 2025, and Kaspersky said it reported the malicious apps to Apple.

The FakeWallet campaign used a simple but dangerous trick. Some apps copied the icons and names of real wallets, while others used harmless looking features such as games, calculators, or task planners to appear safe. 

Once opened, the apps directed users to fake pages that looked like the App Store and pushed them to install a harmful version of a wallet. 

Read also: Rakuten Wallet Integrates XRP for 44 Million Japanese Users

How the Attack Worked

The goal was to capture a user’s recovery phrase, also known as a seed phrase. This phrase is the master key to a crypto wallet. Anyone who has it can often restore the wallet on another device and move the funds.

Kaspersky said the harmful apps were built to target both hot wallets and cold wallets. For hot wallets, the malware watched the screen where users created or recovered a wallet. 

For cold wallet users, the attackers relied more on phishing, asking victims to enter a seed phrase even though a legitimate cold wallet app should not request it. 

The stolen phrases could then be sent to an outside server. Once attackers received the phrase or private key, they could take control of the wallet, drain crypto assets, or start fraudulent transactions. 

BitrueAlpha.webp

Why This Case Matters

The case is serious because the apps appeared inside Apple’s App Store, a place many users trust by default. 

Kaspersky noted that most of the detected phishing apps were available to users with Apple accounts set to China, but the harmful apps themselves did not have regional limits. This means users outside China could also be exposed if they installed them through the same route. 

Many of the apps have since been removed after disclosure, and The Hacker News reported that there was no evidence of the same apps being distributed through Google Play. 

Still, the incident shows that traders should not rely only on app store screening when protecting digital assets. 

Read also: Understanding Stone Wallet QR Payments: New Features

Link to Earlier Malware Activity

Kaspersky attributed the campaign with moderate confidence to actors behind SparkKitty, a prior mobile malware campaign. 

Researchers also found signs of optical character recognition tools, which can read text from images and may be used to search for wallet recovery phrases saved in screenshots. 

A separate mobile threat was also reported around the same period. Cyble described MiningDropper, also known as BeatBanker, as an Android malware delivery framework that combines crypto mining, information theft, remote access, and banking malware. 

The report underlines a wider trend. Criminals are not only building fake crypto wallet apps. They are also creating flexible mobile malware systems that can be reused for different attacks. 

What Traders Should Do Now

Traders should treat every crypto wallet download with caution. The safest step is to visit the official website of the wallet provider and follow the verified download link from there. A search result or a familiar icon can still lead to a fake app.

Users should never enter a seed phrase into a page that appears unexpectedly. A recovery phrase should only be used during a genuine wallet recovery process, and cold wallet users should remember that the original hardware wallet device is meant to protect that phrase from ordinary phone apps.

It is also wise to avoid installing developer profiles unless they come from a trusted workplace or a clear professional need. Kaspersky specifically warned users not to install developer profiles from unexpected app prompts, because this can allow harmful apps to reach the device. 

Read also: Is Having Multiple Crypto Wallets a Smart Idea? Pros & Cons Explained

Conclusion

The discovery of 26 FakeWallet apps is a clear warning for every crypto trader. A crypto wallet is not just another app. It is the door to personal digital assets. If attackers steal the seed phrase, they may not need a password, a support desk, or further permission.

The safest habit is simple. Download only from official sources, check the publisher, avoid strange prompts, and never share a recovery phrase. In crypto, security often depends on small choices made before a transaction ever begins.

FAQ

What is a FakeWallet app?

A FakeWallet app is a malicious app that pretends to be a real crypto wallet. It may copy a trusted brand name, icon, or screen design to trick users.

What did the 26 fake apps try to steal?

They targeted seed phrases and private keys. These are the details that can give attackers control of a crypto wallet.

Were the apps found on Google Play?

The available reports said there was no evidence that these apps were distributed through Google Play. The reported case involved Apple’s App Store.

Why is a seed phrase so important?

A seed phrase can restore access to a wallet. If someone else gets it, they may be able to move the funds without the owner’s approval.

How can traders avoid fake crypto wallet apps?

Use official wallet websites, check the app publisher, avoid unexpected links, never install unknown developer profiles, and never type a seed phrase into a suspicious page.

crypto-walletWallet

Disclaimer: The content of this article does not constitute financial or investment advice.

Register now to claim a 1023 USDT newcomer's gift package

Join Bitrue for exclusive rewards

Register Now
register

Recommended

Best Altcoins To Buy Now: May 2026 Update
Best Altcoins To Buy Now: May 2026 Update

Best altcoins guide for May 2026. Reviews leading altcoins, market themes, risks, and watchlist choices for careful crypto investors.

2026-05-02Read
Best DEXs for Beginners: May 2026 Update
Best DEXs for Beginners: May 2026 Update

What is the best DEX for beginners 2026? Here is the explanation of simple crypto swaps, wallet control, low fees, safety tips, and choosing a DEX.

2026-05-02Read
Iran Crypto: The Country Where Bitcoin Mining Costs 98% Less
Iran Crypto: The Country Where Bitcoin Mining Costs 98% Less

Bitcoin Mining in Iran offers low-cost power but faces legal, central bank, blackout, crackdown, liquidity, and compliance risks.

2026-05-01Read