FakeWallet crypto stealer spreading through iOS apps in the App Store
ID: 70fb418f-e806-54a3-a205-734a5a46d3d0
STIX ID: report--70fb418f-e806-54a3-a205-734a5a46d3d0
Feed Name: Securelist by Kaspersky
In March 2026, researchers uncovered a campaign (FakeWallet) that published over 20 typosquatting/phishing apps in the Chinese Apple App Store. The apps direct victims to provisioning-profile-based installs or WebView phishing pages that collect and exfiltrate wallet recovery phrases and private keys. The report includes detailed technical analysis of malicious dylibs and React Native implants, POST exfiltration formats, C2 domains, file hashes, distribution links, observed Android variants, victim targeting (primarily China), and an attribution link to SparkKitty.
