Apple is heading into its biggest leadership transition in years, just as scrutiny is mounting over the security of its App Store and the rise of crypto theft on iPhones.
On April 20, the company revealed that John Ternus, its senior vice president of hardware engineering, will succeed Tim Cook as chief executive officer by Sept. 1.
Following Ternus’ ascension, Cook will be moving into the role of executive chairman.
Ternus will be stepping into the new role with deep experience inside Apple’s product organization.
Since joining the company, he has helped lead development across the iPad, AirPods, iPhone, and Mac. He also played a central role in Apple’s shift to its own silicon for the Mac and recently led the public unveiling of the iPhone Air.
Cook described Ternus as a leader whose contributions have shaped Apple’s product lineup over the past quarter-century. He stated:
“John Ternus has the mind of an engineer, the soul of an innovator, and the heart to lead with integrity and with honor. He is a visionary whose contributions to Apple over 25 years are already too numerous to count, and he is without question the right person to lead Apple into the future.”
However, the impending transition comes at a time when the company is balancing several pressures, including competition in artificial intelligence, slowing hardware growth, and a more immediate security challenge within one of its most closely guarded businesses.
Fraudulent wallet apps slip into Apple’s ecosystem
Apple has long presented the App Store as a tightly managed marketplace, with software screened before it reaches users.
That reputation is now facing fresh scrutiny after cybersecurity researchers uncovered a wave of fraudulent crypto wallet apps that have moved through Apple’s ecosystem, exposing users to significant losses.
Kaspersky Threat Research said it identified at least 26 applications impersonating major crypto brands, including MetaMask, Ledger, Trust Wallet, and Coinbase. Some of the apps have already been removed, while others were still circulating when the firm published its findings.
Kaspersky linked the operation to a malware campaign it calls SparkKitty, which it said has been active since late 2025.
The researchers reported that the scam starts with apps that appear harmless enough to avoid early detection. They are presented as simple tools such as calculators, games, or task managers, allowing them to pass through Apple’s initial review process.
Once installed, the apps direct users to webpages designed to look like official App Store listings.
Sergey Puzan, a mobile malware expert at Kaspersky, said:
“While the apps that kick off the attack chain are not inherently malicious, they lead to the user installing a trojan in the end. By paying a fee and setting up a developer account, the attackers can target any iOS device if the user succumbs to the phishing tactic.”
From there, victims are guided toward downloading what appears to be a legitimate crypto wallet. The scheme relies on social engineering and custom developer profiles, which allow software to be installed outside the standard App Store channel.
After a user approves the profile, a compromised version of the wallet is loaded onto the device.
Notably, some of these fake apps have already caused substantial financial damage.
Earlier this month, American musician G. Love revealed that he lost 5.9 Bitcoin, worth about $436,000, after downloading what he believed was a legitimate Ledger app from Apple’s App Store.
He said the software prompted him to enter his seed phrase, and the funds disappeared almost immediately.
Against this backdrop, the malicious campaign has raised broader questions about the level of protection users actually receive when a scam is routed through software that appears to come from within Apple’s own ecosystem.
For crypto users in particular, an app’s presence in the App Store can carry an assumption of legitimacy, especially when it closely copies the identity and branding of established wallet providers.
Apple’s crypto opening adds new pressure
Apple has never been an aggressive corporate participant in the crypto space. The iPhone maker does not hold Bitcoin on its balance sheet and does not natively accept cryptocurrency for purchases on the App Store.
At the same time, the firm is not entirely outside the crypto sector’s infrastructure.
Its software tools, including Apple CryptoKit, support secure cryptographic functions on devices. Apple Pay is also integrated into parts of the crypto economy through third-party services that help users move between digital assets and traditional payments.
Over the past year, Apple has also eased some of its restrictions around crypto-related apps. It removed earlier limitations that had constrained certain in-app transactions involving digital assets and dropped its 30% commission on those specific purchases.
That policy shift helped open the platform to a wider range of crypto products by giving DeFi apps and NFT marketplaces more room to operate on iOS.
However, it also expanded the surface area for fraud, especially as interest in self-custody wallets and token-based applications spread beyond specialist users.
Nonetheless, Apple has continued to point to the scale of its enforcement efforts. Last year, the company said it had blocked more than $9 billion in potentially fraudulent transactions between 2020 and 2024.
In 2024 alone, it said it rejected 2 million app submissions due to privacy and security concerns and terminated nearly 300,000 developer customer accounts over fraud risks.
A new chief executive inherits a new kind of security test
For Ternus, the timing is difficult.
He arrives at the top of Apple with a reputation built on hardware execution, product development, and operational discipline.
However, the immediate challenge before him extends to a different part of the company, where trust in the App Store sits alongside broader concerns about platform governance and user safety.
Apple’s reputation has long rested in part on the idea that its walled garden offers cleaner, safer software distribution than rival ecosystems.
Crypto scams delivered through App Store-adjacent experiences threaten that image because they target the very users most likely to rely on Apple’s screening as a first line of defense.
Ternus will begin his tenure with investors watching not only how Apple handles its product roadmap and AI strategy, but also how firmly it responds to the growing use of its platform by organized crypto thieves.