APPLE'S CHINA STORE COMPROMISED BY 26 CRYPTO-STEALING APPS
INDUSTRY DESK
MON, APR 20, 2026 ■ AI-SUMMARIZED FROM 4 SOURCES
Twenty-six malicious applications disguised as popular cryptocurrency wallets have infiltrated Apple's Chinese App Store, targeting users' recovery phrases and digital assets.
The fraudulent apps impersonate legitimate wallet services including MetaMask, Coinbase, Trust Wallet, and OneKey. Once installed, they deceive users into entering their seed phrases—the master keys to cryptocurrency accounts—and subsequently drain their holdings.
Seed phrases represent the highest level of access to crypto wallets. Unlike passwords, they cannot be reset or recovered. A compromised phrase grants attackers permanent control over all funds stored in that wallet, making this type of attack particularly destructive.
Apple's China App Store operates under different policies than its global counterpart due to regulatory requirements. The company maintains separate review processes for the Chinese market, though details about how these specific apps bypassed security measures remain unclear.
The discovery underscores persistent security challenges in cryptocurrency adoption. Users routinely face social engineering tactics designed to extract recovery information. These attacks succeed because they exploit user behavior rather than technical vulnerabilities—no amount of platform security prevents users from voluntarily sharing their most sensitive credentials.
This incident follows a pattern of wallet impersonation schemes across multiple app stores. Bad actors create near-identical interfaces and names to fool users, particularly those new to cryptocurrency who may not recognize authentic branding.
Apple has reportedly removed the malicious apps following disclosure. The company has not announced specific changes to its Chinese App Store review process to prevent similar infiltration.
Security researchers recommend that wallet users employ multiple verification steps before entering recovery phrases, including confirming URLs, checking official documentation, and verifying app legitimacy through developer websites. Hardware wallets—physical devices that store cryptocurrency offline—remain the most secure option for protecting valuable holdings.