As cryptocurrency has grown into an industry, it’s common to come across unreliable products which are there to grasp onto others’ cryptocurrency holdings. There are cybercriminals aiming at stealing cryptocurrency from iPhone and Android users by tempting them into fraudulent applications posing to provide services of crypto wallets.

Researchers at ESET for cybersecurity have come across over 40 websites that appear to be trusted cryptocurrency websites when in reality are mere fakes. They trick victims into downloading these applications and then stealing their coins. New investors and ASIC miners are more vulnerable to these malicious apps as it becomes easier to fool them. Most websites are particularly designed for smartphones.


These attackers focus on marketing as their prime strategy. They post on trusted cryptocurrency-related websites to generate traffic to their applications and encourage people to download them. Many cybercriminals are proven to communicate in Chinese and spread their applications through social media. They drop links of their application in Facebook groups and other social media platforms, explaining in a step-by-step tutorial video how to register for their crypto wallets and gushing about their secure interface.

Those who accompany and help these malicious actors to trick victims are offered commissions of up to 50% on every successful theft.

Scam Alart

How does it work?

The operation of the fraudulent crypto wallet would differ according to whether it launched on an iOS or Android device.


For Android, cybercriminals target new users who have no legitimate cryptocurrency wallet installed on their devices. Since Android has strict policies for its security, it wouldn’t allow overlap and can detect a malicious application if an authentic one already exists on the device.

The attackers would always extend an invite to download their applications through “Download from Google Play”, and when clicked they would generate a fake link. However, once they’re downloaded they need to be installed manually.

Many of these applications emerge from third-party websites, however, there were more than a dozen reported on Google PlayStore. They were later removed. It’s safe to say there may be more undetected applications on the actual PlayStore, and you may need to be mindful of them.


iOs, however, is the more vulnerable victim. Even those with experience in cryptocurrency, who already have a legitimate application installed on their device can be targeted. On an iOS device, it is possible to have a fraudulent and authentic application co-exist.

However, it is not possible to upload fake applications on Apple’s App Store, hence, potential victims are always generated on third-party websites. To ensure a successful installation, users are encouraged to bypass and turn off Apple’s in-built protection settings which simply uninstalls shady applications.

Once installed successfully on your smartphone, the applications will behave exactly like a cryptocurrency wallet to maintain the disguise.

How do attackers manipulate data?

By inputting specific codes, attackers are allowed to enter the user’s wallets and access their holdings as if it was their own. This will take place smoothly, without notifying the user.

attackers manipulate crypto data

How can we stay away from such cryptocurrency wallets?

These campaigns of make-believe crypto wallets are ongoing and don’t seem to be going away anytime soon. Attackers and developers are working towards manufacturing more sophisticated wallets to trick victims.

To avoid this, be sure to download your cryptocurrency wallet from a secure, trusted, and official platform. They are most likely to hold strict protocols and have a team working at the back end to keep such malicious attackers at bay.

Moreover, it is always recommended to have anti-virus software installed on your smartphone, laptop, and desktop. This would help you detect any dodgy websites and prevent you from downloading fake applications.


The cryptocurrency world, especially those taking their first steps in, needs to be careful. Staying vigilant is only going to minimize your risk of losing your cryptocurrencies. As attackers are coming up with new and improved technologies to build fool-proof crypto wallets and waiting for you to enter your crypto details, it’s better to go for official platforms.

If you have already downloaded a malicious cryptocurrency wallet, we would recommend you create a new trusted wallet and transfer your funds immediately.