Fake Phantom wallet hacks Apple’s app store, draining crypto assets
A fake Phantom wallet on Apple’s app store is reportedly draining users’ funds when they recover their accounts using their private keys.
The application closely mimics the original Phantom Wallet published by Phantom Technologies Incorporated. When searching for the Phantom wallet, the app appears as an advertisement, even before the original application.
Fake Phantom Wallet Appears Before Original as Ad | Source: Apple App Store
While the original application is classified as a utility, the fake app is classified as an educational app published by Meta Voxify. The publisher only has this fake app in its listings.
Interestingly, the description of the fake app is for an application called Voxify AI, which appears to be a text-to-speech conversion tool. Searching for Voxify Ai on the app store currently directs users to the fake Phantom wallet app.
The app has multiple one-star reviews. In the app’s review section, several users have complained about losing funds when they loaded their wallets into the fake app.
At the time of publication, the application had been removed from the app store, but it was still active on the platform when searching for “Meta Voxify” or “Voxify ai”.
This is not the first case of malicious applications infiltrating Apple’s App Store.
Last year, bad actors implemented a clone of the Rabby Wallet cryptocurrency wallet. Similar to the current incident, the clone was displayed as the first result when searching for “Rabby Wallet”.
At the time, the original wallet was only available as a standalone desktop application and as a Google Chrome extension.
In recent years, scammers have increasingly targeted smartphone users. 2023 research by cybersecurity firm Sophos revealed that pig butchering scammers were bypassing the security measures of the Google and Apple app stores to distribute malicious applications.
The scammers used a signed app with a valid certificate issued by Apple to gain approval. Subsequently, they would connect the app to malicious servers under their control to scam victims.
It is not yet clear whether the attackers used a similar tactic in this case.
In this context, Mende Matthias, co-founder of the Dubai Blockchain Center, presumably lost over $100,000 in funds from his Phantom wallet. He pointed out that his funds were transferred to a different wallet address despite various security measures in place.
He also denied interacting with malicious links or websites. He concluded that he may have been targeted because he “openly shared” how much he invested.
Matthias has also confirmed that his funds were not lost via the fraudulent Phantom wallet app. However, he did not disclose how the attackers exploited his wallet.
The Phantom team has not yet responded to the issue.