Delete These Dangerous Apps Now: Fake Crypto Wallets On Play Store Can Drain Your Funds

Cyble flagged that these apps have been progressively discovered over recent weeks, reflecting an ongoing and active campaign.

By : Shayak Majumder | Updated at : 11 Jun 2025 04:50 PM (IST)

Delete These Dangerous Apps Now: Fake Crypto Wallets On Play Store Can Drain Your Funds Delete These Dangerous Apps Now: Fake Crypto Wallets On Play Store Can Drain Your Funds

Users are advised to keep Google Play Protect enabled on their devices to help detect and block such apps.

Cybersecurity firm Cyble has uncovered a growing campaign targeting Android users by disguising malicious apps as legitimate cryptocurrency wallets. More than 20 such apps have made their way into the Google Play Store, bypassing safety protocols and posing a serious risk to crypto holders.

The fake apps mimic the branding of well-known wallets like SushiSwap, PancakeSwap, and Hyperliquid, tricking users into handing over their sensitive credentials. Once downloaded, these apps either open phishing websites or use in-app WebViews to request users’ mnemonic phrases — the unique seed phrases that provide full access to their real crypto wallets.

A Sophisticated Scam Using Hijacked Developer Accounts

These apps employ phishing techniques to steal users’ mnemonic phrases, which are then used to access real wallets and drain cryptocurrency funds, Cyble warned in its report.

The researchers observed a pattern among the apps: consistent use of phishing links embedded in their privacy policies, similar package names, and identical descriptions — a likely sign they are part of a coordinated campaign. Alarmingly, many of these apps were uploaded using compromised or repurposed developer accounts that had previously hosted legitimate apps.

There are more than 20 apps currently identified, but the campaign is live, and so that will expand, Cyble noted. The firm has reported the malicious apps to Google, and most have been taken down, while the rest are in the process of being removed.

Check This List & Remove Immediately

Here are the wallets that have been impersonated so far. If you’ve installed any apps related to these, it’s best to delete them immediately. Note the differences in the spacing and wordings:

Pancake Swap
Suiet Wallet
Hyperliquid
Raydium
BullX Crypto
OpenOcean Exchange
Meteora Exchange
SushiSwap
Harvest Finance Blog

While the apps may have different developer names, they share similar malicious structures. Cyble added that these apps have been progressively discovered over recent weeks, reflecting an ongoing and active campaign.

Stay Safe: Use Play Protect & Be Vigilant

Users are advised to keep Google Play Protect enabled on their devices to help detect and block such apps. Also, avoid entering sensitive crypto credentials unless you are certain about the app’s authenticity. Always verify the source, developer, and reviews before downloading any finance-related application.

The threat highlights how even official app stores aren’t immune from exploitation. As Cyble's discovery shows, staying cautious is the only safeguard in an increasingly deceptive digital landscape.

About the author Shayak Majumder

Shayak Majumder leads the ABP Live English team. He reviews gadgets, covers everything AI, and is on the lookout for the next big tech trend to cover. He is also building a data-driven AI-aware newsroom. Got tips? Reach out!