Apple App Store Has 26 Malicious Wallet Apps; Kaspersky Warns Users to Prevent Phishing Scams



Recently, cybersecurity company Kaspersky discovered 26 fake cryptocurrency wallet apps in the China-region Apple App Store. These apps are specifically designed to steal users’ digital assets.

These apps reach the store covertly. They initially present as ordinary utility apps, such as calculators, mini-games, and to-do lists, so they pass Apple’s review. After they are published, they climb the rankings by using counterfeit icons, similar names, and search optimization to push into top positions.

After users download and open the apps, they are redirected to a phishing webpage that closely imitates the App Store. The page prompts users to re-download the “official” wallet.

Attackers also exploit iOS enterprise or developer configuration profiles to bypass the App Store review process via sideloading and install trojanized wallets.

Once users create or restore a wallet on the fake interface, the mnemonic phrase is intercepted, encrypted, and sent back to the attacker’s server. Control of the assets is then lost.

China was chosen as the main entry point because, for policy reasons, multiple official crypto wallet apps are not available on the China-region App Store. This “vacuum” gives counterfeit apps natural room to survive.

However, the malicious modules themselves are not restricted by region. Some phishing notifications also support multi-language adaptation, meaning users outside the China region face the risk as well.

Previously, U.S. musician G. Love suffered losses of about 5.9 bitcoins—worth approximately 436,000 USD—after downloading a counterfeit Ledger app from the App Store and entering his mnemonic phrase. This shows that even downloads from official stores should not be taken lightly.

At present, Kaspersky has reported all 26 malicious apps to Apple, and some of the apps have been removed by the official platform.

Experts warn that although these apps themselves may not contain harmful code, they act as entry points into a broader attack chain, ultimately resulting in malware installation.

They also pointed out that by paying fees and setting up developer accounts, attackers can target any iOS device as long as users give in to the phishing tactics.

Users should stay alert to the risks of managing cryptocurrency wallets, even on devices they believe are safe, such as iPhones. More trojanized crypto wallet apps distributed via similar strategies are expected to appear.
