Cybersecurity experts are warning that millions of people could be at risk of having their digital wallets emptied unless they delete several apps right away.
A team at cybersecurity company Cyble has uncovered 20 apps that can trick people into handing over access of their cryptocurrency to hackers.
The phony apps were found in the Google Play Store and impersonate trustworthy digital wallet apps available for download, using the same exact name or a close copy that could be easily overlooked.
The fake apps include Pancake Swap, Suiet Wallet, Hyperliquid, Raydium, BullX Crypto, Meteora Exchange, Harvest Finance Blog, SushiSwap, and OpenOcean Exchange.
These malicious apps also use identical or similar logos and designs to trick users into downloading them from the Google Play Store.
Although the fake digital wallets use the same name as legitimate apps, people can tell if it’s a phony by checking the developer name.
The real PancakeSwap app will say that the developer is the PancakeSwap team, while the fake one that steals your money uses a developer ‘package’ that reads co.median.android.pkmxaj.
Cyble revealed that the other 11 apps that digital wallet users need to delete right away use variations of the app names for Suiet Wallet, Raydium, SushiSwap, Hyperliquid, BullX Crypto, and Harvest Finance blog, as well as different developer packages.
These malicious apps also use identical or similar logos and designs as real digital wallets to trick users into downloading them
Simply put, you may encounter multiple copies of the same SushiSwap app in the Google Play Store but only one of them is the real thing.
Without checking the developer package and looking for other suspicious signs that the app is a fraud, you could download the wrong digital wallet and give a hacker a secret back door to your cryptocurrency.
Key ways to spot a phony copy of a trust app include seeing a very low number of downloads. Normally, a popular app will have been downloaded thousands, if not millions, of times.
A long list of positive reviews about the app on its Google Play Store page will also help prove that you’ve found the right one.
Estimates show that more than 400 million people worldwide use cryptocurrency, including millions of Android owners.
The fake apps are designed to trick users into entering their 12-word mnemonic phrase, a secret code used to access cryptocurrency wallets.
Once entered, hackers can steal this phrase, gain access to your real wallet, and take your cryptocurrency, which can’t be recovered once it’s gone.
Stolen cryptocurrency can’t be returned because blockchain transactions are permanent, decentralized, and irreversible, giving users more anonymity than regular banking.
The scheme could affect anyone who stores digital currencies like Bitcoin or Ethereum in one of these fraudulent wallets
The scheme could affect anyone who stores digital currencies like Bitcoin or Ethereum in one of these fraudulent wallets.
Making the scam even harder to spot is the fact that researchers found the developer packages (or accounts) were at one time reputable app makers.
Read More
New Apple iOS 26 promises the 'biggest changes' after launching 'worst AI in Silicon Valley'
‘These accounts were originally used to distribute legitimate apps, including gaming, video downloader, and live streaming applications, and some have amassed over 100,000 downloads,’ the Cyble team wrote in their report.
Hackers either compromised these accounts by stealing the login credentials of the original developers or repurposed them, meaning they bought or took over the accounts (legally or illegally) to use for their own purposes.
Once in control of the app package, hackers used these trusted accounts to publish the 20 malicious cryptocurrency phishing apps, including the fake PancakeSwap and SushiSwap wallets.
Since the accounts already had a history of being a legitimate service with high download numbers, the fake apps appeared to be almost as trustworthy as the real things in the Google Play Store.
If you downloaded the fake wallet use your mnemonic phrase, hackers can access your actual cryptocurrency wallet on the blockchain, even if it’s on a different app or device, since the phrase works universally for compatible wallets.
The app itself is fake. It doesn’t manage or store your crypto like a legitimate wallet.
Instead, it’s all a front to steal that security code. Once hackers have the phrase, they interact directly with the blockchain to move your real cryptocurrency to their wallets.
To check if you’ve got the right app, go to your Android device’s app settings or the Google Play Store to see if any of these apps (or their package names) are installed.
Package names can be found in the Play Store under the app’s details or in your device’s app info.
For iPhone users, Apple’s App Store uses a stricter app review process. However, iPhone users aren’t completely safe as similar phishing scams could target iOS through other means, like fake websites or unofficial app sources.
Apple users can stay safe by sticking with downloads from the official App Store, avoid sideloading apps from unknown sources, and avoiding suspicious links in emails or texts asking for wallet details.
Cyble Research and Intelligence Labs (CRIL) reported the fake apps to Google which has removed most of the apps, but some are still in the Play Store.
20 Malicious Digital Wallet Apps to Delete Immediately
Pancake Swap – Package: co.median.android.pkmxaj
Suiet Wallet – Package: co.median.android.ljqjry
Hyperliquid – Package: co.median.android.jroylx
Raydium – Package: co.median.android.yakmje
Hyperliquid – Package: co.median.android.aaxblp
BullX Crypto – Package: co.median.android.ozjwka
OpenOcean Exchange – Package: co.median.android.ozjjkx
Suiet Wallet – Package: co.median.android.mpeaaw
Meteora Exchange – Package: co.median.android.kbxqaj
Raydium – Package: co.median.android.epwzyq
SushiSwap – Package: co.median.android.pkezyz
Raydium – Package: co.median.android.pkzylr
SushiSwap – Package: co.median.android.brlljb
Hyperliquid – Package: co.median.android.djerqq
Suiet Wallet – Package: co.median.android.epeall
BullX Crypto – Package: co.median.android.braqdy
Harvest Finance blog – Package: co.median.android.ljmeob
Pancake Swap – Package: co.median.android.djrdyk
Hyperliquid – Package: co.median.android.epbdbn
Suiet Wallet – Package: co.median.android.noxmdz