Overview
- Kaspersky identified 26 wallet imitators on Apple’s China App Store and linked them to a single FakeWallet campaign tied to SparkKitty.
- Apple removed the 26 listings after the disclosure.
- The operators copied names and icons, used typos, and listed the apps as games or calculators to bypass Chinese restrictions.
- The apps opened phishing pages that pushed trojan wallets via iOS provisioning profiles, a feature that lets companies install apps outside the App Store.
- Malicious code captured seed phrases during setup or through fake checks, enabling instant wallet takeovers. Researchers warn the tooling could reach users worldwide.
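
A triage check for the sideloading step described above, as an added example that is not taken from Kaspersky's research: it reads the provisioning profile embedded in an app bundle (`embedded.mobileprovision`) and flags builds signed for installation outside the App Store. The sample profiles, team IDs and function names are constructed for illustration, and the CMS signature is only skipped over, not verified.

```python
import plistlib

def extract_profile(blob: bytes) -> dict:
    """Pull the XML plist out of a CMS-wrapped embedded.mobileprovision."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no plist payload found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify(profile: dict) -> str:
    """Map profile keys to the distribution channel they imply."""
    if profile.get("ProvisionsAllDevices"):
        return "enterprise"          # in-house: runs on any device
    if "ProvisionedDevices" in profile:
        debuggable = profile.get("Entitlements", {}).get("get-task-allow")
        return "development" if debuggable else "ad-hoc"
    return "app-store"

def triage(blob: bytes, expected_teams: set) -> dict:
    """Flag profiles that bypass the store or come from an unexpected team."""
    profile = extract_profile(blob)
    kind = classify(profile)
    teams = profile.get("TeamIdentifier", [])
    findings = []
    if kind != "app-store":
        findings.append(f"{kind} profile: installable without App Store review")
    if not expected_teams.intersection(teams):
        findings.append("signing team is not on the expected vendor list")
    return {"name": profile.get("Name"), "kind": kind,
            "teams": teams, "findings": findings}

def _wrap(profile: dict) -> bytes:
    # Constructed stand-in for the binary CMS envelope around the plist.
    return b"\x30\x80" + plistlib.dumps(profile) + b"\x00\x00"

# Constructed samples; every value below is a placeholder.
SAMPLE_SIDELOADED = _wrap({"Name": "Example Wallet Dist",
                           "TeamIdentifier": ["UNKNOWN0001"],
                           "ProvisionsAllDevices": True,
                           "Entitlements": {"get-task-allow": False}})
SAMPLE_STORE = _wrap({"Name": "Example Wallet Store",
                      "TeamIdentifier": ["VENDOR00001"],
                      "Entitlements": {"get-task-allow": False}})

if __name__ == "__main__":
    for blob in (SAMPLE_SIDELOADED, SAMPLE_STORE):
        print(triage(blob, {"VENDOR00001"}))
```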