Tension is rapidly escalating in the security industry after a large-scale cryptocurrency hacking attempt targeting iPhone users' assets was uncovered. With a flood of fake cryptocurrency wallet apps disguised as legitimate services being detected, observers say the vulnerabilities of the iOS ecosystem, previously considered relatively safe, have been exposed.
According to the cryptocurrency news outlet CryptoPotato on April 23 (local time), global cybersecurity company Kaspersky recently identified 26 fraudulent applications on Apple's App Store that were designed to steal user assets. These apps mimicked the names and designs of widely used cryptocurrency wallets such as MetaMask, Ledger, and Coinbase, leading users to mistake them for official services. Wallets supporting Bitcoin (BTC) and Ethereum (ETH), as well as XRP, were among the targets, and when the apps were run, users were directed to sophisticated phishing pages.
To bypass Apple's security review, the attackers initially disguised the apps as ordinary utilities, such as calculator or to-do list management apps. After installation, however, the apps displayed a fake App Store screen to trick users into thinking they were seeing an official update, then induced them to install additional wallet apps containing malicious code. According to Kaspersky's analysis, Apple's enterprise developer tools were exploited in this process, and the malicious software was designed to run outside the App Store by inducing the installation of specific protocols.
This attack is understood to have been under way since at least the fall of 2025 and is linked to a malware distribution organization called 'SparkKitty'. The main target was Chinese users, but the malware itself has no regional restrictions, making all iPhone users worldwide, including those in Korea, potential victims. Following Kaspersky's report, Apple promptly removed the apps.
Security experts point out that the perception of iPhones being relatively safe has ironically lowered user vigilance. Sergey Puzan, a mobile malware expert at Kaspersky, explained that attackers can pay to acquire developer accounts and then target all iOS devices exposed to phishing. He also raised the possibility that variant attacks using similar methods will continue to emerge. Recently, cases in which fake hardware wallets distributed through online marketplaces stole seed phrases have also been confirmed, indicating that attack methods are spreading across both online and offline environments.
The core of virtual asset security lies in fundamentally blocking app installations through unverified channels. Verification of downloads through official websites and developer information is emphasized as a basic defense mechanism. Since stolen assets are virtually impossible to recover, the necessity of using cold storage, such as hardware wallets, is once again highlighted. In an environment where cybercrime is becoming more sophisticated, the limitations of technical security alone are becoming clear, and users' own thorough security habits are emerging as a key factor in protecting assets.
*Disclaimer: This article is for investment reference only and we are not responsible for any investment losses based on it. The content should be interpreted for informational purposes only.*