Malicious actor campaign expands across multiple victims
Campaign
Summary
A fake Ledger Live app in Apple’s App Store drained about $9.5 million in cryptocurrency from 50 victims in a few days, indicating a broader wallet-theft campaign rather than a one-off scam. The lure impersonated Ledger on macOS and captured seed/recovery phrases, giving the operator full wallet access. Funds were moved across Bitcoin, Ethereum, Tron, Solana, and Ripple before being funneled through KuCoin deposit addresses and the AudiA6 mixing service. Apple later removed the app, but the operation had already spread across multiple victims and chains.
Related Happenings
MiningDropper (BeatBanker) modular Android payload framework with encrypted staging
Technical Analysis
First: 24.04.2026 14:48
Last: 24.04.2026 14:48
Sources 1
About this happening:
**MiningDropper (BeatBanker)** now stands out as a **layered modular Android malware framework** that can reuse one delivery chain across **hundreds of samples**, making **static...
FakeWallet Apple App Store wallet-stealing apps
Malware Activity
First: 21.04.2026 00:52
Last: 21.04.2026 00:52
Sources 1
About this happening:
The **FakeWallet** app set turned the **Apple App Store** into a delivery channel for **26 malicious wallet lookalikes**, putting crypto holders at risk of account takeover and th...
FakeWallet crypto wallet phishing campaign targeting users in China
Campaign
First: 21.04.2026 00:52
Last: 21.04.2026 00:52
Sources 1
About this happening:
The **FakeWallet** campaign is actively distributing **26 malicious apps** that impersonate crypto wallets and steal **seed phrases**, putting **users in China** at immediate risk...
Latest development: 24.04.2026 14:48
Kaspersky said the FakeWallet campaign is gaining momentum with new tactics, including phishing apps published in the Apple App Store, cold wallet impersonation, and phishing notifications, and suspected it may be the work of threat actors linked to SparkKitty because some infected apps use OCR to steal wallet recovery phrases and the two campaigns share native Chinese-speaking operators and cryptocurrency targeting.
Unnamed high-profile Lebanese journalist hit by network compromise
Incident
First: 09.04.2026 13:45
Last: 09.04.2026 13:45
Sources 1
About this happening:
An **unnamed high-profile Lebanese journalist** had an **Apple account** successfully compromised in **2025**, creating unauthorized access to a personal and professional identity...
Bitter Middle East spear-phishing campaign targeting civil society figures
Campaign
First: 09.04.2026 13:45
Last: 09.04.2026 13:45
Sources 1
About this happening:
A **spear-phishing campaign** targeted **civil society figures in Middle Eastern countries**, including **three journalists in Egypt and Lebanon**, creating account-compromise ris...
Timeline
- 14.04.2026 19:37 2 articles · 1mo ago
Fake Ledger Live app theft campaign reported on Apple’s App Store
Initial Disclosure
A malicious Ledger Live app for macOS in Apple’s App Store was reported as having drained about $9.5 million in cryptocurrency from 50 victims after users entered seed/recovery phrases, giving attackers full wallet access and enabling transfers across Bitcoin, Ethereum, Tron, Solana, and Ripple. The stolen funds were laundered through more than 150 KuCoin deposit addresses linked to the AudiA6 mixing service, Apple removed the fake app, and KuCoin said it froze the involved accounts.
Sources
- Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto — www.bleepingcomputer.com — 14.04.2026 19:37