The developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital assets.

Wallet drainers are apps or malicious scripts that trick users into entering their secret passphrases or performing malicious transactions, allowing attackers to steal all digital assets, including NFTs and cryptocurrency, from users' wallets.

Wallet drainers (aka crypto drainers) have become increasingly common over the past year, with threat actors hacking social media accounts that have many followers to promote phishing sites, or taking out ads to drive visitors to sites that trick users into entering their wallet's recovery phrase.

The wallet drainer "business" has become so profitable that threat actors have created crypto phishing services, allowing any wannabe threat actor to participate in illegal activity.

Fake Leather app on Apple App Store

Last week, the genuine Leather wallet warned its community about a fake version of its wallet on the Apple App Store, making it clear that the company does not yet offer an iOS app.

The platform advised those who entered their secret passphrase on the fake app to immediately transfer their cryptocurrency to a new wallet. This is because once the passphrase was entered into the phony wallet, it was likely sent to the threat actors, who can use it to drain the wallet of all assets.

The app remains available on the App Store despite Leather's report to Apple over a week ago.

Unfortunately, users have already reported losing funds after entering their passphrase into the fake Leather wallet, with reports coming in over the past few days and even today.

At the time of writing, the malicious app is still on the App Store, published by 'LetalComRu,' and using the real Leather logo.

Fake Leather app on the App Store (BleepingComputer)

Notably, the app has a rating of 4.9 out of 5.0, with most user-submitted reviews appearing fake, as they use random but similar names and almost identical text.

Favorable user reviews (BleepingComputer)

Since the App Store does not report download counts, the number of people who downloaded this crypto drainer app is unknown.

BleepingComputer has contacted Apple about the presence of the wallet drainer app on the App Store, but a comment wasn't immediately available.

Though Apple is known for maintaining high quality and security standards on the App Store, scammers have found ways to bypass crucial checks.

In early February 2024, a fake app named 'LassPass,' which mimicked the popular password management app LastPass, was published on the App Store.

LastPass reported the fraudulent app to Apple via the recommended procedure, and it was removed from the App Store a few hours after our publication for violating guidelines on copycat apps.

In the case of Leather, the fake app does not attempt to spoof an existing app but instead takes advantage of the fact that the real wallet management platform does not offer an iOS app.

This should still qualify for a content dispute, as Leather's intellectual property is used to promote the drainer, but until the app is removed, users are advised to be cautious.

Finally, this is a good reminder of why it is safer to navigate to apps on App Stores using links from the official websites of these projects, as long as the authenticity of those sites is first confirmed. In this case, the real Leather website is on leather.io.

Update 3/12 - An Apple spokesperson confirmed to BleepingComputer the removal of the malicious crypto drainer app from the App Store, which was live for just over two weeks. Also, the app's developer will be removed from Apple's Developer Program.
