Fake Android apps aren’t just found on shady, third-party app stores. Sometimes, they manage to find their way to the Play Store as well. And if you’ve got any of these apps installed, your crypto wallet is at risk.
Fake Wallet Apps Are Stealing Your Crypto
Researchers at Cyble Research and Intelligence Labs (CRIL) have discovered 20 cryptocurrency phishing apps on the Google Play Store. These apps impersonate legitimate wallet apps like SushiSwap, PancakeSwap, Hyperliquid, and others, only to lead you to a fake login page and steal your mnemonic phrase.
These mnemonic phrases, also called seed or recovery phrases, are a randomly generated sequence of words you get when you create a new crypto wallet. You must keep these phrases hidden because they’re essentially human-readable backups of your wallet’s private keys.

They can help you regain access to your wallet if your device is lost or stolen. But in the wrong hands, they can also empty your crypto account. Anyone with access to your mnemonic phrase can access and control assets in your crypto account.
CRIL’s report mentions the following 20 apps:
App name | Package name |
---|---|
Pancake Swap | co.median.android.pkmxaj |
Suiet Wallet | co.median.android.ljqjry |
Hyperliquid | co.median.android.jroylx |
Raydium | co.median.android.yakmje |
Hyperliquid | co.median.android.aaxblp |
BullX Crypto | co.median.android.ozjwka |
OpenOcean Exchange | co.median.android.ozjjkx |
Suiet Wallet | co.median.android.mpeaaw |
Meteora Exchange | co.median.android.kbxqaj |
Raydium | co.median.android.epwzyq |
SushiSwap | co.median.android.pkezyz |
Raydium | co.median.android.pkzylr |
SushiSwap | co.median.android.brlljb |
Hyperliquid | co.median.android.djerqq |
Suiet Wallet | co.median.android.epeall |
BullX Crypto | co.median.android.braqdy |
Harvest Finance blog | co.median.android.ljmeob |
Pancake Swap | co.median.android.djrdyk |
Hyperliquid | co.median.android.epbdbn |
Suiet Wallet | co.median.android.noxmdz |
You’ll notice that some apps are repeated in the list above. That’s because multiple apps are impersonating the same app or sharing a name to pass off as legitimate. You can tell them apart using their package names.
These apps aren’t using some technical wizardry to trick you either. They’re originally phishing websites that have been converted to Android apps using the Median framework and distributed on the Play Store using developer accounts that were originally offering legitimate apps. Some apps skip the framework and load the phishing website directly in Android WebView.
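To check a phone against the table above, the package names can be compared with what the device reports as installed. The script below is an added example, not CRIL's code: it assumes `adb` is on your PATH with USB debugging authorised, and its second output (other `co.median.android.*` packages) is only a heuristic for manual review, since Median is a legitimate framework.

```python
import subprocess

MEDIAN_PREFIX = "co.median.android."
# Package-name suffixes from the CRIL table above, keyed to the impersonated app.
FLAGGED = {
    "pkmxaj": "Pancake Swap", "ljqjry": "Suiet Wallet", "jroylx": "Hyperliquid",
    "yakmje": "Raydium", "aaxblp": "Hyperliquid", "ozjwka": "BullX Crypto",
    "ozjjkx": "OpenOcean Exchange", "mpeaaw": "Suiet Wallet",
    "kbxqaj": "Meteora Exchange", "epwzyq": "Raydium", "pkezyz": "SushiSwap",
    "pkzylr": "Raydium", "brlljb": "SushiSwap", "djerqq": "Hyperliquid",
    "epeall": "Suiet Wallet", "braqdy": "BullX Crypto",
    "ljmeob": "Harvest Finance blog", "djrdyk": "Pancake Swap",
    "epbdbn": "Hyperliquid", "noxmdz": "Suiet Wallet",
}

def parse_pm_list(output):
    """Package names from `pm list packages` output (lines like 'package:com.x')."""
    lines = (raw.strip() for raw in output.splitlines())
    return {ln.removeprefix("package:") for ln in lines if ln.startswith("package:")}

def audit(packages):
    """Return (listed, review): exact table matches, and other Median-built apps."""
    listed, review = {}, []
    for pkg in sorted(packages):
        if not pkg.startswith(MEDIAN_PREFIX):
            continue
        suffix = pkg[len(MEDIAN_PREFIX):]
        if suffix in FLAGGED:
            listed[pkg] = FLAGGED[suffix]
        else:
            review.append(pkg)  # not on the list; verify the developer manually
    return listed, review

def installed_packages():
    """Query the connected device (assumption: adb available, debugging authorised)."""
    out = subprocess.run(["adb", "shell", "pm", "list", "packages"],
                         capture_output=True, text=True, check=True).stdout
    return parse_pm_list(out)

# Constructed sample output, so the logic can be tried without a device.
SAMPLE = """package:com.android.chrome
package:co.median.android.pkezyz
package:co.median.android.exampleapp
package:org.mozilla.firefox
"""

if __name__ == "__main__":
    listed, review = audit(parse_pm_list(SAMPLE))  # or audit(installed_packages())
    print("On CRIL's list:", listed)
    print("Other Median-built apps to check manually:", review)
```

Any package reported as being on the list should be uninstalled, and a wallet whose mnemonic phrase was typed into it should be treated as compromised.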

Some of these developer accounts have as many as 100,000 downloads. Researchers believe that these are older developer accounts that were compromised and are now being used to deliver these phishing apps instead.
Once you see the phishing website, which impersonates a legitimate wallet, you’re asked to enter your 12-word mnemonic phrase. As soon as you do that, you’ve handed the keys to your crypto wallet to the hackers.
Keep Your Wallet Close, and Your Codes Closer
This campaign is another reminder that you should always check app reviews and descriptions before downloading them, even if you’re on the official app store for your platform. When dealing with crypto apps, check to ensure you’re downloading the app from the official developer, and not an impostor.

Keep in mind that legitimate crypto services will never ask for your mnemonic phrase unless you manually try to recover your account. If you’re asked for a mnemonic phrase during usual logins, something is off. In such cases, immediately check the site URL, and if it’s anything but the legitimate site, it’s time to close that tab.