Your iPhone Is Hiding 26 Fake Apps Built to Empty Your Crypto Wallet

That “secure” app you just downloaded from the App Store might be a digital trap door. If you use an iPhone to manage your crypto, your life savings could be one click away from disappearing into a hacker’s pocket.

Kaspersky Threat Research recently uncovered 26 fraudulent applications on the Apple App Store designed to mimic popular cryptocurrency wallets. These fake apps look like the real deal, using the exact icons and names of trusted brands including Metamask, Ledger, Trust Wallet, Coinbase, TokenPocket, imToken, and Bitpie.

The scam is sophisticated. When you open one of these fake apps, it looks like a harmless game or a calculator. It then redirects you to a fake webpage that looks like the App Store and tricks you into installing a “developer profile.” Once you agree, a trojanized wallet is downloaded to your device, giving hackers the power to drain your assets.

According to Kaspersky, this campaign has been active since at least fall 2025. Experts attribute the attack with moderate confidence to SparkKitty, a known threat actor group. While many of these malicious apps were aimed at Chinese iOS users, they have no regional restrictions. Anyone, anywhere, can be a victim.

The danger changes depending on how you store your coins. If you use a “hot wallet” like Coinbase or Metamask, the malware watches your screen to steal your seed phrase. If you use a “cold wallet” like Ledger, the fake app tries to trick you into typing your recovery phrase directly into your phone. A legitimate Ledger app will never ask for this.

Security expert Sergey Puzan from Kaspersky warns that attackers are paying for developer accounts specifically to bypass Apple’s usual safeguards. If an app asks you to install a developer profile or follow unexpected links, close it immediately. Your phone is only as safe as the apps you trust.