Delete These Dangerous Apps Now: Fake Crypto Wallets On Play Store Can Drain Your Funds
Cyble flagged that these apps have been progressively discovered over recent weeks, reflecting an ongoing and active campaign.

Cybersecurity firm Cyble has uncovered a growing campaign targeting Android users by disguising malicious apps as legitimate cryptocurrency wallets. More than 20 such apps have made their way into the Google Play Store, bypassing safety protocols and posing a serious risk to crypto holders.
The fake apps mimic the branding of well-known wallets like SushiSwap, PancakeSwap, and Hyperliquid, tricking users into handing over their sensitive credentials. Once downloaded, these apps either open phishing websites or use in-app WebViews to request users’ mnemonic phrases — the unique seed phrases that provide full access to their real crypto wallets.
A Sophisticated Scam Using Hijacked Developer Accounts
These apps employ phishing techniques to steal users’ mnemonic phrases, which are then used to access real wallets and drain cryptocurrency funds, Cyble warned in its report.
The researchers observed a pattern among the apps: consistent use of phishing links embedded in their privacy policies, similar package names, and identical descriptions — a likely sign they are part of a coordinated campaign. Alarmingly, many of these apps were uploaded using compromised or repurposed developer accounts that had previously hosted legitimate apps.
More than 20 apps have been identified so far, but the campaign is still live and that number is expected to grow, Cyble noted. The firm has reported the malicious apps to Google, and most have been taken down, while the rest are in the process of being removed.
Check This List & Remove Immediately
Here are the wallets that have been impersonated so far. If you’ve installed any apps related to these, it’s best to delete them immediately. Note the differences in spacing and wording:
- Pancake Swap
- Suiet Wallet
- Hyperliquid
- Raydium
- BullX Crypto
- OpenOcean Exchange
- Meteora Exchange
- SushiSwap
- Harvest Finance Blog
While the apps may have different developer names, they share similar malicious structures. Cyble added that these apps have been progressively discovered over recent weeks, reflecting an ongoing and active campaign.
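The indicators Cyble describes (identical descriptions, shared privacy-policy links and lookalike names published under different developer accounts) can be checked mechanically over store listing metadata. The following is an added example, not code from Cyble's report; the listings, package names, developer names and URLs are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample listings: every package, developer and URL is made up.
SAME_DESC = "Fast, secure wallet for DeFi trading."
LISTINGS = [
    {"pkg": "com.example.pancake.swapdex", "title": "Pancake Swap", "dev": "Studio One",
     "desc": SAME_DESC, "policy": "https://wallet-policy.example/pancake"},
    {"pkg": "com.example.sushi.swapdex", "title": "SushiSwap", "dev": "Games Two",
     "desc": SAME_DESC.upper(), "policy": "https://wallet-policy.example/sushi"},
    {"pkg": "com.example.hyper.swapdex", "title": "Hyperliquid", "dev": "Tools Three",
     "desc": SAME_DESC, "policy": "https://wallet-policy.example/hyper"},
    {"pkg": "com.example.notes", "title": "Simple Notes", "dev": "Notes Dev",
     "desc": "Take notes offline.", "policy": "https://notes.example/privacy"},
]
# Brand names taken from the article's list of impersonated wallets.
BRANDS = ["PancakeSwap", "SushiSwap", "Hyperliquid", "Raydium"]

def norm(text):
    """Lowercase and drop spacing/punctuation so 'Pancake Swap' == 'PancakeSwap'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def impersonated_brand(title):
    """Return the brand a title resolves to once spacing and case are ignored."""
    t = norm(title)
    return next((b for b in BRANDS if norm(b) in t), None)

def suspicious_clusters(listings):
    """Group by (description fingerprint, privacy-policy host); keep groups that
    span more than one developer account."""
    groups = defaultdict(list)
    for item in listings:
        key = (norm(item["desc"]), urlparse(item["policy"]).hostname)
        groups[key].append(item)
    return [g for g in groups.values() if len({i["dev"] for i in g}) > 1]

def triage(listings):
    """List (package, matched brand) for every listing in a suspicious cluster.
    A brand match alone is not a verdict: the genuine app matches too."""
    hits = [(i["pkg"], impersonated_brand(i["title"]))
            for group in suspicious_clusters(listings) for i in group]
    return sorted(hits)

if __name__ == "__main__":
    for pkg, brand in triage(LISTINGS):
        print(f"review: {pkg} (brand: {brand})")
```

The output is a review queue, not a block list: each hit still needs the manual checks on source and developer described in the next section.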
Stay Safe: Use Play Protect & Be Vigilant
Users are advised to keep Google Play Protect enabled on their devices to help detect and block such apps. Also, avoid entering sensitive crypto credentials unless you are certain about the app’s authenticity. Always verify the source, developer, and reviews before downloading any finance-related application.
The threat highlights how even official app stores aren’t immune from exploitation. As Cyble's discovery shows, staying cautious is the only safeguard in an increasingly deceptive digital landscape.