FakeWallet Apple App Store wallet-stealing apps
Malware Activity
Summary
Hide ▲
Show ▼
The FakeWallet app set turned the Apple App Store into a delivery channel for 26 malicious wallet lookalikes, putting crypto holders at risk of account takeover and theft. The apps impersonated brands such as Metamask, Coinbase, Trust Wallet, and OneKey, then pushed victims toward phishing pages and trojanized wallet installs. Users in China were the main target, but the design could scale beyond that market if the operators expand distribution.
Related Happenings
Rokarolla Android banking trojan activity
Malware Activity
H score26
First: 16.06.2026 16:15
Last: 16.06.2026 16:15
Sources 1
About this happening:
The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...
Rokarolla Android banking trojan activity
Malware ActivityAbout this happening: The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...
Android 17 expands platform security and privacy protections
Security Tool/Service
H score15
First: 12.05.2026 20:00
Last: 12.05.2026 20:00
Sources 1
About this happening:
**Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
Android 17 expands platform security and privacy protections
Security Tool/ServiceAbout this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
TrickMo C TikTok-lure campaign targeting banking and wallet users in France, Italy, and Austria
Campaign
H score33
First: 11.05.2026 18:15
Last: 11.05.2026 18:15
Sources 1
About this happening:
The **TrickMo** operators ran an active **TikTok-themed** campaign between **January and February 2026**, targeting **banking and wallet users** in **France, Italy and Austria**....
TrickMo C TikTok-lure campaign targeting banking and wallet users in France, Italy, and Austria
CampaignAbout this happening: The **TrickMo** operators ran an active **TikTok-themed** campaign between **January and February 2026**, targeting **banking and wallet users** in **France, Italy and Austria**....
Sqgame[.]net gaming platform hit by network compromise
Incident
H score10
First: 05.05.2026 18:00
Last: 05.05.2026 18:00
Sources 1
About this happening:
The **sqgame[.]net** gaming platform was **compromised**, and its **Windows** and **Android** software were **trojanized** to deliver malicious code to users, putting a regional e...
Sqgame[.]net gaming platform hit by network compromise
IncidentAbout this happening: The **sqgame[.]net** gaming platform was **compromised**, and its **Windows** and **Android** software were **trojanized** to deliver malicious code to users, putting a regional e...
AccountDumpling Google AppSheet Facebook phishing campaign
Campaign
H score31
First: 01.05.2026 21:09
Last: 01.05.2026 21:09
Sources 1
About this happening:
A **Vietnamese-linked** operation dubbed **AccountDumpling** is using **Google AppSheet** as a phishing relay to steal **Facebook** credentials, enabling account takeover at scale...
AccountDumpling Google AppSheet Facebook phishing campaign
CampaignAbout this happening: A **Vietnamese-linked** operation dubbed **AccountDumpling** is using **Google AppSheet** as a phishing relay to steal **Facebook** credentials, enabling account takeover at scale...
Timeline
-
21.04.2026 00:52 2 articles · 2mo ago
FakeWallet App Store wallet-stealer disclosure
Initial DisclosureKaspersky identified FakeWallet, a campaign of 26 malicious Apple App Store apps that impersonated Metamask, Coinbase, Trust Wallet, and OneKey to steal recovery or seed phrases and drain cryptocurrency assets from users in China; the apps used fake branding, typosquatting, phishing pages, and iOS provisioning profiles, and Apple removed all 26 apps after responsible disclosure.
Show sources
- China's Apple App Store infiltrated by crypto-stealing wallet apps — www.bleepingcomputer.com — 21.04.2026 00:52
- 26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases — thehackernews.com — 24.04.2026 14:48