[WARNING] new fake Sparrow mobile wallet has appeared!!!

[BitMaxz]

I don’t think you were the only person, I think it was more general agreeable fact then, because while the android play store was a den for fake APPs just like the window OS, Apple play store and it’s MacOS was not like that, it had this way that it filters this Apps not getting there and the mobile device was my go to then because of this act than Android.

I think it actually has something to do with policy which hinders this fake apps getting into their store but is it that this restrictions have been the uplifted or relaxed and probably thorough scrutiny again like before and Apps can just pay and get listed on the store or that scammers have actually found a way to game the restrictions and find their way round it.

Probably could be policy changes a have seen even Tim Cook is stepping down as CEO with John Ternus ready to take over,

I think their way to bypass the Apple Store to be listed is by submitting the legit app first, and then later they are going to update it with the fake app.
I don't know if Apple manually reviews the app before they list it since, according to their developer guidelines, Apple will check the app against these rules. It might be that it just submitted the legit one first, I guess, and then these hackers update it once it's approved.
I don't know if the app reviews are done by real human beings or a bot or AI?

It's pretty bad if it was a bot or AI because they can easily submit any fake apps that look legit; without a manual check, they can't determine easily if the app is legit or not.

[Pmalek]

You literally had a similar post on August last year when Jimmy Ramirez lost his 7.4BTC due to similar  Fake sparrow wallet on his IPhone . It’s been heating up since then..
https://bitcointalk.org/index.php?topic=5552731.0

Nice catch! Apple already deleted the new fake Sparrow app that I mentioned yesterday, so that's good. It had a similar name to the app I wrote about last year. Both scammers, or perhaps it's the same person, were focused on multisig. The old one was named Sparrow Multi-Sig while the new one used brackets and was called Sparrow{Mobile}: Wallet M-Sig. Anyways, they are things of the past now.

[UmerIdrees]

there’s a new fake Sparrow wallet in the Apple store again!
once again, the scammer is trying to get your seed phrase/words so they can steal your valuable Bitcoins!
the original Sparrow wallet is only available as a desktop version... all other mobile versions are fakes!

I think all the popular wallet services should have their Android and iOS versions too, and then this type of fake wallets scam will be minimised to a great extent. If the Sparrow had their mobile wallet, it would have been a lot more difficult for the scammers to create a duplicate scam wallet but since they don't possess an official wallet, this kinda open doors for the scammers to exploit this and make people believe that Sparrow has an official mobile wallet too 

[Pmalek]

I think all the popular wallet services should have their Android and iOS versions too, and then this type of fake wallets scam will be minimised to a great extent.

Perhaps, but you can't protect people from themselves. You would still have those that visit app stores and search for wallets there instead of going through official sources and links on official websites. Scammers distribute fake apps over social media, in ads, and over email and enough people fall for it. If they didn't, the scammers wouldn't bother wasting their time to clone and distribute their phishing apps.

[promise444c5]

Nice catch! Apple already deleted the new fake Sparrow app that I mentioned yesterday, so that's good. It had a similar name to the app I wrote about last year. Both scammers, or perhaps it's the same person, were focused on multisig. The old one was named Sparrow Multi-Sig while the new one used brackets and was called Sparrow{Mobile}: Wallet M-Sig. Anyways, they are things of the past now.

You did a Good job with the reports that took it down.. I tried checking before my post but  it wasn’t accessible which means they already taken if I didn’t made any typo and it shows that they are active on reports.

It’s likely same app controlled by same person as you’ve mentioned, just a change of name was likely the difference..

I’m still wondering if Apple don’t keep record of why they delete apps, this apps shouldn’t be getting through fr.
Although Cygan  screenshot doesn’t have the `Multi-sig’, but they all have name `Sparrow’ and it’s categorized as Wallet.

[UmerIdrees]

I think all the popular wallet services should have their Android and iOS versions too, and then this type of fake wallets scam will be minimised to a great extent.

Perhaps, but you can't protect people from themselves. You would still have those that visit app stores and search for wallets there instead of going through official sources and links on official websites. Scammers distribute fake apps over social media, in ads, and over email and enough people fall for it. If they didn't, the scammers wouldn't bother wasting their time to clone and distribute their phishing apps.

Well, I would suggest everyone (and I personally follow too) to visit the official wallet websites and from there click on the Play Store or App Store link, and that will take them to the right app, and they won't end up installing any fake app. This is more true for the financial related apps where money is involved, as scammers and hackers focus on those apps that can make them money if they are able to hack into people's crypto accounts.

[Cricktor]

Some (are there too many?) people in the crypto coin space don't live by the mantra: don't trust, verify!

Why do people trust Apple Store? Because Apple's marketing tells you so? Seriously, you believe marketing?

I know that you commonly can't check mobile apps from Google App store or Apple Store by checksums or signature. But then you should at least verify and check if there is a mobile app link from the wallet's original website.

People who deliberately choose to fail such checks are likely destined to be parted from their coins. Don't complain why e.g. Apple doesn't prevent this, you're again off-loading your responsibilities to an entity that doesn't really deserve your trust. If you blindly trust large companies, you're already a lost case.

[NotATether]

This reminds me of Apple removing fake Ledger from their App Store. It seems they're targeting hardware wallet users, as Sparrow is the most compatible with hardware wallets.

App Store's reputation has suffered greatly.

I thought it was difficult to get an app listed on the App Store, after hearing about the $99.99/year fee you have to pay with a credit card and all of the design guidelines you need to implement in your app, but no, for these scammers it's not a problem. They must be using some 3rd party distribution service that handles App Store listings and doesn't ask any questions about the code.

[Forsyth Jones]

I just received a phishing email from Sparrow App in my Gmail from the sender support@sparrow-update[.]com

The message says they've added an extra two-factor authentication login verification, 2FA.



There are reports on X of other people who received it...

https://x.com/erskingardner/status/2051261656303366377
https://x.com/skocherhan/status/2051267396241957060

There are several emails from other wallets (nunchucks) with the same link, I'll expose them here:

Beware, PHISHING!

Code:

https://u106621123.ct.sendgrid.net/ls/click?upn=u001.81...

Edit: I edited this post, hiding the rest of the URL so that no one runs the risk. Anyone who wants to investigate this link can simply access the archived version of this post.

[nc50lc]

Edit: I edited this post, hiding the rest of the URL so that no one runs the risk. Anyone who wants to investigate this link can simply access the archived version of this post.

With the red warning that you've added, you're not breaking any forum rules
And you even entered it inside [code][/code] tags so it wont be clickable.

BTW, what's its relation to this fake mobile app?
Have you tested the app and they've sent you that phishing email through the linked email?

[Forsyth Jones]

With the red warning that you've added, you're not breaking any forum rules
And you even entered it inside [code][/code] tags so it wont be clickable.

Yeah, as we are on a forum generally frequented by people with greater knowledge and technical ability, it might be a bit exaggerated, but there is always that minority that ends up falling straight into the hole, they end up clicking on everything before even reading. I've worked with people and seen everything happen... BTW thanks for mentioning that.

BTW, what's its relation to this fake mobile app?
Have you tested the app and they've sent you that phishing email through the linked email?

There might be likely to be the same author, the email message is archived in the spam box, so Google removed the images, logos and everything, I should have taken a screenshot before archiving it and sending it to spam.

And no, I didn't download the phishing app or even enter my email into something related to sparrow, the truth is that my email was leaked, I changed my password, it's an email I've been using since the beginning of the 2010s, otherwise I would have abandoned it and created another one.