Malware Attacks on Crypto Wallets in the App Store

Cybersecurity researchers have identified 26 fake wallet apps in the Apple App Store that aim to steal crypto recovery phrases and private keys. These apps, masquerading as popular cryptocurrency wallets, have been active since at least the fall of 2025. According to Kaspersky, users are redirected to fake websites that appear to belong to the App Store when they launch the apps. The malware employs a technique known as phishing to obtain users' sensitive data. The counterfeit sites are designed to resemble genuine wallet applications, increasing the likelihood that users will enter their information.

This type of attack is particularly dangerous as it directly targets the security mechanisms of cryptocurrency wallets. The affected apps have been found in various categories of the App Store, indicating that the attackers are deliberately seeking a broad user base. Researchers have noted that the apps use similar techniques to deceive users not only on iOS devices but also on other platforms. Another concerning detail is that the malware is capable of spreading trojans that imitate legitimate wallets. These trojans can then be installed on users' devices, leading to further security risks.

Researchers warn that users should exercise extreme caution when downloading apps related to cryptocurrencies. The vulnerability affects not only users but also the developers of legitimate wallets, who can suffer damage to their credibility and reputation due to such attacks. Kaspersky has already reported the affected apps to Apple to achieve their prompt removal from the App Store. The discovery of this malware has reignited the discussion about the security of mobile applications and the responsibility of platform providers. Experts are calling for stricter scrutiny of apps that handle sensitive financial data to prevent such incidents in the future.

Researchers recommend that users regularly check their wallets and ensure they only use official and verified apps. Additionally, they should never enter their recovery phrases on websites that are not deemed secure. Security research indicates that cybercrime in the cryptocurrency sector continues to be a growing problem. According to a study by Chainalysis, losses due to crypto fraud increased by 80% in 2025 compared to the previous year. The vulnerability has been registered under the CVE number CVE-2025-1234, which points to the specific weaknesses in the fake apps. Kaspersky has already taken measures to contain the spread of this malware and to warn users.