Malicious Copycats in Apple App Store

Apple, Malware

March 14, 2024

Malicious copies of popular apps have been discovered on the Apple App Store. These apps are designed to be mistaken for legitimate apps and conduct malicious activity, such as stealing login credentials and other sensitive information. Malicious crypto wallet drainers and password vault impersonations have been reported to target unsuspecting victims and trick them into entering their credentials and crypto seed phrases, allowing threat actors to access their accounts to steal their funds and identities.

Leather warned about a malicious Leather app on the Apple App Store. They emphasized that users should refrain from inputting their secret seed phrases into the fake app and prompted victims to transfer their cryptocurrency into a new wallet to protect user assets from being drained by threat actors. They further advised users that the only legitimate Leather download is available directly from their website. As of March 12, the fake Leather app is no longer available on the Apple App Store.

Similar to Leather, Rabby Wallet does not yet offer an app through the Apple App Store. In addition to the fake versions of Rabby Wallet discovered on the platform in October and December 2023, a malicious crypto drainer app, dubbed Rabby Wallet and Crypto Solution, was uploaded to the Apple App Store in February. Apple has since removed all three apps.

The Apple App Store also approved a malicious imitation of the LastPass app. The fake app, dubbed LassPass, resembled the legitimate app’s branding, logo, and interface. The malicious copycat has since been removed, as it violated Apple’s copycat app guidelines. The persistence of malicious copycat apps and the recurring vulnerabilities in Apple’s app verification process highlight the critical need for more robust app screening procedures to prioritize user safety and security.

The NJCCIC recommends that users educate themselves and others on these continuing threats and tactics to reduce victimization. Users are advised to download applications only from official sources, and only after analyzing customer reviews. Users who downloaded the affected apps are urged to uninstall them promptly. Credentials used to log in to malicious apps should be changed immediately. If you identify a malicious app, report the activity to the Apple App Store, FBI’s IC3, and the NJCCIC.