On December 11, 2017, it became apparent that users may have been unwittingly subjected to scammers after a fake MyEtherWallet (MEW) application from developer "Nam Le" appeared in the Apple App Store.
As of this morning, the fake MEW app has been removed from the store; but it was reported that over the weekend it rose to the third rank in Apple's Finance App section. One tracking service estimated that the fake MEW app had received as many as 3,000 downloads.
On December 9, 2017 the social media team at MEW tweeted about the scam in an effort to warn users:
Despite the attempts of the MEW team to get it removed, the fake app persisted in the app store until it was taken down this morning.
MyEtherWallet CMO Jordan Spence told ETHNews:
"We'd like to think that the community played an integral part in getting this false app removed from the iOS store. The app was quickly removed after an outpouring of signal boosting from our followers, friends, and various outlets; the app was allowed to stay up for way too long before then. We'd specifically like to give a huge thanks to people working on anti-phishing with us every day, specifically Charlotte [Franklin], Harry [Denley] from EtherAddressLookup, and Dave [Appleton] from HelloGold. Having people like these three on our side gives us a lot of hope for mitigating these attacks moving forward."
The fraudulent application cost users $4.99. It should be noted that the only current official incarnation of MEW is a browser application which costs nothing to use, and MEW developers have committed to keeping the wallet service free and accessible using open-source software (FOSS).
MEW has often been the target of malicious actors attempting to phish private keys out of users. Members of the community who use MEW should stay aware; this latest mistake by a major corporation is a reminder that it takes constant vigilance to stay ahead of scammers.