Smartphone users rely heavily on the Google Play Store to download apps for everything from entertainment to finance. While Google enforces strict regulations to keep the platform safe, some malicious apps nevertheless get through the cracks. Recently, Cyble Research and Intelligence Labs (CRIL) uncovered more than 20 malicious cryptocurrency wallet apps lurking on the Play Store.
Crypto Users Alert: 20 Fake Wallet Apps You Need to Delete Now
CRIL flags 20 fake crypto wallet apps on Play Store that steal recovery phrases from Android users
Advertisement
These fake apps imitate popular wallets like SushiSwap, PancakeSwap, and Hyperliquid, but their real purpose is far from harmless. By tricking users into disclosing their mnemonic recovery phrases, which are essential keys to crypto wallet access.
How Malicious Crypto Apps Operate
According to the report, these fraudulent apps lure users into entering their 12-word mnemonic phrase by mimicking the interface of legitimate crypto wallets. After this data is entered, then intercepted and transmitted to distant servers under the attackers control. The apps have appeared on the Google Play Store through compromised or repurposed developer accounts that were previously used to distribute legitimate apps, such as games or video tools.
To carry out the scam, threat actors employ a consistent set of strategies. These include phishing URLs in the apps privacy rules, utilizing package names and app descriptions that are similar to real wallets and using development frameworks to swiftly construct and deploy false apps across several accounts. This deceptive strategy makes the phishing campaign harder to detect and more convincing to unsuspecting users.
Advertisement
These apps, which include PancakeSwap, Suiet Wallet, Hyperliquid, Raydium, BullX Crypto, OpenOcean Exchange, Meteora Exchange, SushiSwap, and Harvest Finance Blog, are available on Google Play. It is highly recommended that you delete any of these right away if you have already installed them. Also, never share your wallet recovery phrases, passwords or other personal information with unapproved apps or sites.
What You Should Do
Use trustworthy antivirus software and keep Google Play Protect turned on. Be sure to activate multi-factor authentication and create secure passwords. Avoid clicking on false links in emails or SMS and use biometrics to secure your smartphone.
Show comments
Published At: