“a wide variety of malicious modules, each tailored to a specific wallet," Puzan said. "In most cases, the malware is delivered via a malicious library injection, though we've also come across builds where the app's original source code was modified." The end goal of these …”
T1204.002 Malicious File
57%
“work of native Chinese speakers and specifically target cryptocurrency assets." The FakeWallet campaign is gaining momentum by employing new tactics, ranging from delivering payloads via phishing apps published in the App Store to embedding themselves into cold wallet apps and u…”
T1496.001 Compute Hijacking
40%
“…s from an encrypted assets archive present within the package. "MiningDropper employs a multi-stage payload delivery architecture that combines XOR-based native obfuscation, AES-encrypted payload staging, dynamic DEX loading, and anti-emulation techniques," Cyble said…”
Summary
Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025.
"Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distribute trojanized versions of legitimate wallets," Kaspersky