Phishing crypto-wallet clones in the App Store and other attacks on iOS and macOS crypto owners — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated Apr 30, 2026

Severity: HIGH | View Full Scam Details

Beware in 2026: Phishing Crypto-Wallet Clones in the App Store Targeting iOS & macOS Users in India

Phishing scams involving fake cryptocurrency wallets on Apple’s App Store are rising fast, putting Indian crypto owners at high financial risk.

What Is the Phishing Crypto-Wallet Clones Scam in the App Store and Other Attacks on iOS and macOS Crypto Owners?

This scam involves cybercriminals creating counterfeit versions of popular cryptocurrency wallet apps—like MetaMask, Trust Wallet, or Coinbase Wallet—and uploading them to Apple’s official App Store. These fake apps closely mimic the branding, user interface, and features of the genuine versions, making it difficult for users to identify the difference. Once installed, these phishing wallets prompt users to enter sensitive information such as private keys, seed phrases, or login credentials, which the scammers use to steal the victim’s cryptocurrencies.

The scam mainly targets Apple device users in India who actively engage in cryptocurrency trading and holding—especially those who download wallets recommended through social media, online forums, or WhatsApp groups focused on crypto investment tips. With India’s growing crypto adoption, officially estimated at over 15 crore users, these attacks have become increasingly widespread. The Indian Computer Emergency Response Team (CERT-In) and the Indian government’s Integrated Financial Crime and Cybercrime Coordination Centre (I4C) have recently issued advisories warning users about such phishing tactics targeting mobile applications.

Though Apple has stringent app review policies, scammers are constantly uploading these malicious clones, often changing names or slightly tweaking designs to bypass checks. Since the fake wallets are distributed through the official App Store, many users falsely believe these apps are safe.

How This Scam Works — Step by Step

1. Lure Through Social Media or Messaging Apps: Scammers promote their fake wallet apps on Instagram, Twitter, Facebook, Telegram channels, and popular Indian WhatsApp groups dedicated to cryptocurrency investment tips or giveaways. They promise “exclusive airdrops,” “early user bonuses,” or “better security features.”

2. Victim Downloads the Phishing Wallet: Convinced by the consistent branding and App Store presence, users download the counterfeit wallet onto their iPhone, iPad, or Mac.

3. Fake Onboarding and Data Collection: Upon opening the app, users are asked to “log in” or “restore wallet” by entering their private keys or 12/24-word seed phrases—information that legitimate wallets never share or ask users to transmit.

4. Scammers Harvest Credentials and Access Funds: Once entered, scammers capture these details remotely and use them to empty the user’s real crypto wallets on the blockchain, transferring funds to accounts they control.

5. Victims Notice Missing Funds Too Late: Because cryptocurrency transactions are irreversible and anonymous, users are unable to reverse the transfers or track the recipient accounts easily. Attempts to seek refunds or UPI-based reversal fail since transfers happen on decentralized blockchain networks.

Real Warning Signs to Watch For

• App name or logo slightly altered compared to the official wallet (spelling mistakes, misplaced icons)
• The app requests private keys or seed phrases directly instead of generating them locally
• Promises of guaranteed returns, freebies, or airdrops if you “act now”
• Presence of poor grammar or spelling mistakes in app descriptions or alerts
• New wallet apps with very few reviews or user feedback on the App Store
• Requests for permissions that are unusual or unnecessary for wallets, such as asking to access contacts or SMS
• Push notifications or messages urging immediate login or fund transfers

What Happens to Victims

The immediate outcome for victims is financial loss—often large sums of cryptocurrency ranging anywhere from a few thousand rupees to lakhs of INR. Unlike UPI or bank transactions, crypto transactions cannot be reversed. Fraudsters can quickly convert stolen crypto to other currencies, making tracking and recovery extremely difficult.

Beyond money, victims endure emotional stress, loss of trust in digital finance, and sometimes social embarrassment—especially when these losses involve funds saved over years or received gradually through salary payments converted to crypto. In cases where scams involve SIM swapping or Aadhaar-based identity misuse, attackers may gain further access to victims’ bank accounts and UPI wallets, deepening the financial harm.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) advises users to be cautious about downloading financial or crypto-related apps only from verified sources and to never share private information such as OTPs, Aadhaar details, or wallet seed phrases. CERT-In has also issued alerts urging users to verify the authenticity of apps before installation and report suspicious ones immediately.

For help related to cybercrime, the government provides a dedicated cybercrime helpline number: 1930. RBI’s customer helpline 14440 can be contacted for banking-related queries. Moreover, complaints can be filed through the national cybercrime reporting portal, cybercrime.gov.in, for faster action.

How to Protect Yourself

1. Download Wallets Only from Official Sources: Visit the official website of your crypto wallet provider to get direct download links. Avoid clicking links shared on social media or messaging platforms.

2. Check Developer Details and Reviews on the App Store carefully—choose apps with verified badges and substantial positive feedback.

3. Never Share or Enter Your Seed Phrase or Private Keys into any app or website. Legitimate wallets never ask for these details after setup.

4. Use Two-Factor Authentication (2FA) wherever possible when accessing your crypto accounts.

5. Ignore Messages Promising Free Crypto or Rewards—such offers are often bait for phishing.

6. Keep Your iOS and macOS Devices Updated with the latest security patches.

7. Regularly Monitor Your Wallet Transactions using blockchain explorers or the official wallet app to detect unauthorized transfers early.

What to Do If You've Been Targeted

• Immediately stop using the compromised app and uninstall it from your device.
• Report the incident to the cybercrime helpline 1930 and file an official complaint on cybercrime.gov.in.
• Inform your bank and UPI provider to watch for suspicious transactions; consider temporarily freezing linked accounts or SIM cards if you suspect identity theft.
• Change passwords for connected accounts and revoke all app permissions to your crypto wallets.
• Track your wallet address on blockchain explorers to monitor suspicious activities.
• Contact Apple Support to report the fraudulent app for removal from the App Store.

Frequently Asked Questions

Q: Can Apple block such fake wallet apps from the App Store quickly?
Apple does have strict app review rules but scammers often bypass them by altering app details. Users should always verify the app’s developer and reviews before downloading.

Q: What should I do if I accidentally entered my seed phrase in a fake app?
Assume your wallet is compromised. Move your remaining funds to a new wallet with a fresh seed phrase and inform cybercrime authorities immediately.

Q: Are there any official Indian government resources to check if a crypto app is legitimate?
Currently, there is no specific government app vetting service for crypto wallets, so users should rely on official websites, RBI advisories, and phishing alerts from CERT-In and I4C.

Your digital safety is in your hands! Always verify suspicious messages, app links, and offers before acting. Visit BharatSecure.app to check if what you received is a scam and protect yourself from evolving online frauds.