A fake version of the popular Ethereum wallet service Rabby has been discovered on the Apple App Store, posing a serious threat to users’ funds and security. The fake app, which has a similar name and logo to the original Rabby wallet, claims to offer the same features and services, but in reality, it is a phishing scam that tries to steal users’ private keys and passwords.
How the Fake App Works
The fake app, which is called Rabby Wallet – Ethereum Wallet, was uploaded to the Apple App Store on October 18, 2023, by a developer named Rabby Wallet LLC. The app description says that it is “the most powerful and easy-to-use Ethereum wallet and DApp browser”, and that it supports “all ERC20 tokens, ERC721 collectibles, and DeFi protocols”. It also claims to have over 10,000 downloads and a 4.8 rating.
However, these claims are all false and misleading. The app is not affiliated with the official Rabby wallet, which is developed by DeBank, a well-known DeFi platform. The app does not have any of the features or functions that the original Rabby wallet offers, such as token swapping, transaction history, portfolio management, and access revoking. Instead, the app only asks users to enter their private keys or passwords to access their wallets, and then sends them to a malicious server, where they can be used to drain users’ funds.
How to Spot and Avoid the Fake App
The fake app is very similar to the original Rabby wallet in appearance, but there are some subtle differences that can help users to identify and avoid it. Here are some tips to spot and avoid the fake app:
- Check the app name and developer name. The original Rabby wallet is simply called Rabby, and the developer name is DeBank. The fake app is called Rabby Wallet – Ethereum Wallet, and the developer name is Rabby Wallet LLC.
- Check the app icon and logo. The original Rabby wallet has a blue and white icon and logo, with the letter R in a circle. The fake app has a purple and white icon and logo, with the letter R in a square.
- Check the app reviews and ratings. The original Rabby wallet has over 100,000 downloads and a 4.9 rating on the Apple App Store, with many positive and genuine reviews from users. The fake app has only over 10,000 downloads and a 4.8 rating, with many fake and generic reviews from bots.
- Check the app permissions and settings. The original Rabby wallet does not ask users to enter their private keys or passwords to access their wallets, but instead uses a secure and encrypted connection with the hardware wallet or browser extension. The fake app asks users to enter their private keys or passwords, and does not have any settings or options to revoke access or manage tokens.
How to Protect Yourself and Your Funds
If you have downloaded the fake app, or suspect that you have, you should take the following steps to protect yourself and your funds:
- Delete the app from your device immediately. Do not open or use the app, and do not enter any information or credentials in it.
- Revoke all existing approvals on all chains for Rabby Swap using the original Rabby wallet or another trusted tool. This will prevent the hackers from using your funds or tokens on any decentralized exchanges or protocols.
- Change your passwords and reset your hardware wallet or browser extension. This will ensure that your private keys and accounts are secure and inaccessible to the hackers.
- Report the app to Apple and warn others about it. You can report the app to Apple by following this link, and you can warn others about it by sharing this article or posting on social media.
The fake Rabby wallet app on the Apple App Store is a phishing scam that tries to steal users’ private keys and passwords, and use them to drain users’ funds. Users should be careful and vigilant when downloading and using any app that claims to be a cryptocurrency wallet or service, and always verify the app name, developer name, icon, logo, reviews, ratings, permissions, and settings. Users should also use a hardware wallet or a browser extension to connect to their wallets, and never enter their private keys or passwords in any app or website. Users should also revoke access and change passwords regularly, and report and warn others about any suspicious or fraudulent app or activity.