Global

Crypto Clone Crackdown: Kaspersky Flags 26 Phishing Apps on iOS

Crypto Clone Crackdown: Kaspersky Flags 26 Phishing Apps on iOS
Staff CorrespondentStaff Correspondent
Apr 21, 2026 19:32

Cybersecurity firm Kaspersky has recently identified 26 fake mobile applications that mimic popular cryptocurrency wallets such as MetaMask, Ledger, Trust Wallet, and Coinbase. These phishing apps were primarily detected on China’s iOS App Store. To appear legitimate, they replicate the interface of authentic apps while also incorporating fake features such as games or calculators.

Similar to the previously discussed “SparkKitty” technique, these apps redirect users to a fraudulent App Store page upon launch and prompt them to install the app via a developer profile. The main objective is to install a Trojan-infected wallet application to collect the user’s “seed phrase” or recovery data. In the case of hot wallets, attackers intercept recovery data to gain access, while cold wallet users are deceived into manually providing their seed phrases. Notably, no legitimate wallet application ever requests such sensitive information. Although these fake apps are currently operating within a specific region, such tactics pose a potential global threat.

Commenting on the issue, Kaspersky mobile malware expert Sergey Puzan said, “Although the apps used at the initial stage of the attack are not directly harmful, they eventually trick users into installing a Trojan. Once a user falls into the phishing trap, attackers can easily target any iOS device using developer accounts. Therefore, even users of devices considered secure, such as the iPhone, should remain cautious. We anticipate that more Trojanized crypto apps may spread using similar techniques.”

In response, Kaspersky has advised users to avoid suspicious in-app links, especially when unexpectedly redirected to new pages. Users should not install any developer profiles from untrusted sources, as this may lead to the installation of malicious apps. Recovery or seed phrases should only be used within official wallet devices. Additionally, even when downloading apps from the App Store, users are encouraged to verify the publisher and developer. To ensure security, Kaspersky recommends cross-checking download links with the official website of the respective developer before installation.

DBTech/RI/EK/OR

Tags:

পূর্ববর্তী সংবাদ

RYZE AI Hub: Unified Models, User-Friendly Access

পরবর্তী সংবাদ

AI Alliance Amplifies: Amazon Commits $25B More to Anthropic