A fake Phantom wallet on Apple’s app store is reportedly draining user funds when users recover their accounts using their private keys.
The application closely mimics the original Phantom wallet published by Phantom Technologies Incorporated. When searching for the Phantom wallet, the fake app appears as an ad even before the original application.
Fake Phantom Wallet Misleading Users
The original application is categorized as a utility, while the fake app is listed as an educational app published by Meta Voxify. This publisher only has this fraudulent app in its listings.
Interestingly, the description of the bogus app is for an application called Voxify AI, which seems to be a text-to-speech conversion tool. Searching for Voxify AI on the app store currently directs users to the fake Phantom wallet app.
Multiple Complaints and Reviews
The app has received multiple one-star reviews. In the app review section, several users complained of losing funds when loading their wallets into the fake app.
Users report losing funds on the fake app.
At the time of publication, the application had been removed from the app store. However, it was still live on the platform when searching for “Meta Voxify” or “Voxify AI.”
Recurring Issue with Malicious Apps
This isn’t the first instance of malicious applications infiltrating Apple’s store. Last year, bad actors deployed a clone of the cryptocurrency wallet Rabby Wallet. Similar to the current incident, the wallet was displayed as the first result when searching for “Rabby Wallet.”
The original Rabby Wallet was only available as a standalone desktop application and a Google Chrome extension at the time.
Increasing Targeting of Smartphone Users
Scammers have increasingly targeted smartphone users over the past few years. A 2023 research from a cybersecurity firm revealed that scammers were evading Google and Apple’s app store security measures to deploy malicious applications. They used an app signed with a valid certificate issued by Apple to get approved and subsequently connected the app to malicious servers to defraud victims.
Whether or not bad actors used a similar tactic in this case remains unclear.
Amidst this backdrop, Mende Matthias, co-founder of the Dubai blockchain center, reportedly lost over $100,000 worth of funds from his Phantom wallet. He stressed that his funds were transferred to a different wallet address despite having various security measures in place. He denied interacting with any malicious links or websites and concluded that he may have been targeted because he “openly shared” how much he invested.
Matthias confirmed that his funds were not lost via the fraudulent Phantom wallet application. However, he hasn’t disclosed how the attackers exploited his wallet. The team at Phantom is yet to respond to the issue.
For more news and updates on cryptocurrencies, investing, and finance, explore the latest articles on Global Crypto News.