Cybersecurity researchers at Kaspersky have uncovered a stealthy campaign involving 26 counterfeit cryptocurrency wallet applications distributed through Apple’s official App Store. These fraudulent programs impersonated some of the most popular digital asset managers, putting users’ holdings at risk of complete theft. The findings, released on April 20, 2026, highlight how even vetted app marketplaces can become vectors for sophisticated crypto exploits.

The operation, which Kaspersky has tracked as active since at least autumn 2025, appears linked with moderate confidence to the operators behind the SparkKitty malware family.

Attackers created clones of well-known wallets including MetaMask, Ledger, Trust Wallet, Coinbase,…