Fraudulent Rabby Wallet App
As shared by Rabby Wallet on X (via CoinTelegraph), there’s an imposter app available on the App Store using the platform’s name and identity. Named “Rabby Wallet & Crypto Solution,” the app has been available on the App Store for at least four days. On Reddit, some users claim to have had their money stolen by the fake crypto app.
[…]
Affected users have been trying to contact Apple to warn the company about the scam, as well as the real developers behind Rabby Wallet. However, days later, the imposter crypto app remains available on the App Store. Furthermore, Rabby Wallet claims to have submitted its official app to the App Store, but Apple approved the fake app before the real one.
Unfortunately, this is not the first time that a fake Rabby Wallet app for iOS has been approved by Apple.
See also: Apple Support Community.
Previously:
Update (2024-02-20): John-Anthony Disotto:
It appears that the fake Rabby Wallet application is no longer available as iMore wasn’t able to access the listing on the App Store, but the damage has, unfortunately, already been done.
[…]
While every app on the App Store goes through a strict approval process, some can fall through the cracks, like in 2021 when one iPhone user lost $600,000 in Bitcoin to a similar crypto app scam.
Update (2024-02-27): Joshua Long:
It isn’t clear exactly when the Curve Finance app first made it into the App Store. The fake Rabby Wallet app was likely available starting on February 14, given the date on which the fake app’s Facebook page was created and the first (negative) review was posted.
The fake Curve Finance app somehow had a “4.6 out of 5” star rating, with apparently nine five-stars and a single one-star rating. Meanwhile, the fake Rabby Wallet app wasn’t pre-loaded with fake ratings, so it had a “1.0 out of 5” due to two one-star ratings.
[…]
Both fake finance apps used the real products’ names. This time the fake apps’ developers didn’t even try to hide behind typosquatting or similarly spelled names; they just went directly for stealing the names of the companies and products they were mimicking.
5 Comments RSS · Twitter · Mastodon
I trust that Apple apologists will now stop deploying the tired old argument that this is just another exception that proves the rule, that in fact the App Store is a safe and trus—oh hang on ...
The App Store isn't safe. Simples. Use Google to verify you're getting the right app. Just as you'd use Google to verify that your arbitrarily-downloaded executable is coming from the right place and is trustworthy ...
This seems to be a widespread scam. Also happened on Linux: https://popey.com/blog/2024/02/exodus-bitcoin-wallet-490k-swindle/
Not sure how much Canonical pretends to be trustworthy... but a quick google search shows a lot of issues.
@OUG I've no doubt it's widespread, this being crypto, but I think the problem is basically a function of app stores generally. Canonical aren't doing any review, they're relying on containerisation in the Snap Store. If they were completely honest about this, then it'd be a benefit--just free, already packaged and containerised apps. But that's not how they hawk it, obviously.
Conversely, of course, Linux has the package repositories. I can't actually remember any case of a malicious package in the repositories, but I do recall one case where an angry developer backdoored their own code to tell Debian users how terrible Debian was. The consequence of which, of course, was that people (not just Debian users) stopped using that program. Source availability for packagers and at least some amount of spot-checking on a distributed basis absolutely has helped. Maybe that's what we should do for other platforms too?
@Sebby:
In the old days, when I helped develop GPL'd code in the linux kernel, etc, so that normal people would have an option to run a better OS, I'd have said yes, absolutely.
Nowadays, with giant corporations just taking from the free/open software community, employers expecting to piggy-back on others work for free, with ChatGPT and its ilk laundering code they didn't write, books they didn't write, scientific papers they didn't research, art they didn't make, and claiming it to be theirs... and trying to replace the actual people who invented or discovered these things, I no longer advocate for source availability for others... instead I sadly think my younger self as hopelessly naive.