In March 2026, researchers identified a surge of phishing applications on the Apple App Store masquerading as legitimate crypto wallets like MetaMask and Ledger. These apps utilize typosquatting and malicious iOS provisioning profiles to bypass store filters and distribute trojanized versions of software. Once installed, the malware is designed to exfiltrate recovery phrases and private keys by hijacking UI components and exploiting library injection techniques.
While the campaign primarily focuses on users in China due to regional availability restrictions, the techniques are highly adaptable and support multiple languages. The malware targets both hot and cold wallets through sophisticated methods including React Native code tampering and custom executable sections. This campaign shows a link to the SparkKitty Trojan and presents a significant risk to cryptocurrency assets globally due to its polished phishing interfaces and bypass of traditional mobile security measures.