:

APPLE'S CHINA STORE COMPROMISED BY 26 CRYPTO-STEALING APPS

INDUSTRY DESK2 MIN READ
MON, APR 20, 2026

■ AI-SUMMARIZED FROM 4 SOURCES ▸ TIMELINE

Twenty-six malicious applications disguised as popular cryptocurrency wallets have infiltrated Apple's Chinese App Store, targeting users' recovery phrases and digital assets.

The fraudulent apps impersonate legitimate wallet services including Metamask, Coinbase, Trust Wallet, and OneKey. Once installed, they deceive users into entering their seed phrases—the master keys to cryptocurrency accounts—and subsequently drain their holdings. Seed phrases represent the highest level of access to crypto wallets. Unlike passwords, they cannot be reset or recovered. A compromised phrase grants attackers permanent control over all funds stored in that wallet, making this type of attack particularly destructive. Apple's China App Store operates under different policies than its global counterpart due to regulatory requirements. The company maintains separate review processes for the Chinese market, though details about how these specific apps bypassed security measures remain unclear. The discovery underscores persistent security challenges in cryptocurrency adoption. Users routinely face social engineering tactics designed to extract recovery information. These attacks succeed because they exploit user behavior rather than technical vulnerabilities—no amount of platform security prevents users from voluntarily sharing their most sensitive credentials. This incident follows a pattern of wallet impersonation schemes across multiple app stores. Bad actors create near-identical interfaces and names to fool users, particularly those new to cryptocurrency who may not recognize authentic branding. Apple has reportedly removed the malicious apps following disclosure. The company has not announced specific changes to its Chinese App Store review process to prevent similar infiltration. Security researchers recommend that wallet users employ multiple verification steps before entering recovery phrases, including confirming URLs, checking official documentation, and verifying app legitimacy through developer websites. Hardware wallets—physical devices that store cryptocurrency offline—remain the most secure option for protecting valuable holdings.

■ SOURCES

TechCrunchBleeping ComputerBloomberg TechBloomberg Tech

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

5H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

5H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

7H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

10H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.