Apple’s App Store Is Having a Bad Week
Tuesday turned out to be a rough day for Apple’s App Store Review team, as the company pulled two previously approved apps: one that had stolen millions in cryptocurrency from users and another that had been harvesting highly sensitive user data.
Fake Cryptocoin App Steals Millions from At Least 50 Users
CoinDesk reports that at least 50 users were tricked into handing over access to their cryptocurrency wallets by a Mac App Store app posing as a crypto wallet app known as Ledger Live. While there is a legitimate Ledger Live app for macOS, the real version is only available from the developer’s website — not on the Mac App Store.
The fraudulent App Store version of Ledger Live resulted in the theft of $9.5 million in user assets in under a week. Scammed users were hit between April 7 and April 13, with three of the victims losing seven-figure sums, including a staggering $3.23M in USDT stolen on April 9, $2.08M in USDC on April 11 and $1.95M in BTC, ETH and stETH on April 8.
The fake app asked users to enter their seed phrases. As noted by Mactrast, the genuine Ledger Live app never does this, nor do any legitimate cryptocurrency apps.
Once the bad actors had access to the wallets, they routed the stolen cryptocurrency through the KuCoin crypto exchange, using a service known as AudiA6 to launder the cryptocurrency.
Information about the scam was shared on Telegram by ZachXBT, who had investigated the scam and who says he could see a class-action lawsuit in Apple’s future, due to the large amounts of money stolen from users.
The app spent two weeks on the Mac App Store after Apple’s App Review team approved it. Apple has yet to comment on the situation, nor has it yet explained how the scammy app got past its stringent app review process.
Apple Pulls Data Harvesting App Freecash from App Store
Apple has gone 0 for 2 at the App Store Review plate this week, as it also pulled a data harvesting app called Freecash from the App Store. The app, which was designed solely to gather information about its users, had risen to the top of the App Store charts during the last few months.
TechCrunch reports that Freecash became popular on TikTok by promising users they could “make money just by scrolling TikTok.” However, users were actually trading sensitive personal information to receive “rewards.”
A Malwarebytes report notes that the app may collect information about users’ race, religion, sex life, sexual orientation, health, and other biometrics, adding that the app is essentially a data broker looking to match game developers with users who are willing to install and spend money on mobile games. Games promoted on Freecash include Monopoly Go and Disney Solitaire, among others.
Wired had also investigated the app, and raised concerns about the app’s misleading marketing and the large amounts of data it may have been collecting from users.
TechCrunch found that an earlier version of Freecash, published by Almedia GmbH, had been removed from the App Store in mid-2024. Then, a few months later, an existing app from another publisher called “Rewards” was rebranded as “Freecash” and once again rose to the top of the app charts. This suggested that Almedia had used another developer account to return the app to the App Store.
Using another developer account to return a banned app to the App Store is a tactic that is not uncommon among the less-than-legitimate developers on the App Store. A Washington Post report noted this method, and the article listed several scammy apps that had disappeared from the App Store and then reappeared after being submitted from a different developer account.
TechCrunch says that after it reached out to Apple about the Freecash app, the app was removed from the App Store. Apple pointed TechCrunch to two App Store Review Guidelines as the reason for the removal: rules 3.1.2(a) and 2.3.1, which forbid developers from scamming users, engaging in bait-and-switch tactics, or marketing their apps in a misleading way.
As for the developer’s point of view, Almedia “denied allegations of driving artificial traffic to its platform or using deceptive marketing techniques,” adding that its apps “are fully compliant with the Apple App Store and Google Play Store policies, as demonstrated by the fact that they are live and regularly pass platform reviews.”
