Recent investigations by Cyble Research and Intelligence Labs (CRIL) have unveiled a significant phishing scheme that has infiltrated the Google Play Store. Over 20 applications masquerading as legitimate cryptocurrency wallet tools have been identified, each designed with the sole intent of pilfering users’ mnemonic phrases—those vital 12-word keys that unlock access to crypto wallets.
The malicious applications employed WebView technology to create deceptive login pages that closely resembled those of well-known platforms like PancakeSwap, thereby tricking unsuspecting users into divulging their sensitive information. This alarming discovery underscores the necessity for users to remain vigilant when navigating the digital landscape.
While Android antivirus solutions and endpoint protection software can provide a layer of security, they are not foolproof. Users are encouraged to ensure that Google Play Protect is activated and to adopt robust security practices, such as utilizing strong, unique passwords and enabling multi-factor authentication wherever possible. Biometric security features should also be activated when available.
To further safeguard against these threats, individuals should exercise caution by avoiding suspicious links received via SMS or email. It is crucial to refrain from entering sensitive information into mobile applications unless their authenticity is verified. A legitimate app should never request a complete mnemonic phrase through a login prompt; if such a request is made, it is likely too late to recover lost assets.
Full list of the 22 fake apps to avoid
- Pancake Swap
Package: co.median.android.pkmxaj
Privacy Policy: hxxps://pancakefentfloyd.cz/privatepolicy.html - Suiet Wallet
Package: co.median.android.ljqjry
Privacy Policy: hxxps://suietsiz.cz/privatepolicy.html - Hyperliquid
Package: co.median.android.jroylx
Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html - Raydium
Package: co.median.android.yakmje
Privacy Policy: hxxps://raydifloyd.cz/privatepolicy.html - Hyperliquid
Package: co.median.android.aaxblp
Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html - BullX Crypto
Package: co.median.android.ozjwka
Privacy Policy: hxxps://bullxni.sbs/privatepolicy.html - OpenOcean Exchange
Package: co.median.android.ozjjkx
Privacy Policy: hxxps://openoceansi.sbs/privatepolicy.html - Suiet Wallet
Package: co.median.android.mpeaaw
Privacy Policy: hxxps://suietsiz.cz/privatepolicy.html - Meteora Exchange
Package: co.median.android.kbxqaj
Privacy Policy: hxxps://meteorafloydoverdose.sbs/privatepolicy.html - Raydium
Package: co.median.android.epwzyq
Privacy Policy: hxxps://raydifloyd.cz/privatepolicy.html - SushiSwap
Package: co.median.android.pkezyz
Privacy Policy: hxxps://sushijames.sbs/privatepolicy.html - Raydium
Package: co.median.android.pkzylr
Privacy Policy: hxxps://raydifloyd.cz/privatepolicy.html - SushiSwap
Package: co.median.android.brlljb
Privacy Policy: hxxps://sushijames.sbs/privatepolicy.html - Hyperliquid
Package: co.median.android.djerqq
Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html - Suiet Wallet
Package: co.median.android.epeall
Privacy Policy: hxxps://suietwz.sbs/privatepolicy.html - BullX Crypto
Package: co.median.android.braqdy
Privacy Policy: hxxps://bullxni.sbs/privatepolicy.html - Harvest Finance blog
Package: co.median.android.ljmeob
Privacy Policy: hxxps://harvestfin.sbs/privatepolicy.html - Pancake Swap
Package: co.median.android.djrdyk
Privacy Policy: hxxps://pancakefentfloyd.cz/privatepolicy.html - Hyperliquid
Package: co.median.android.epbdbn
Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html - Suiet Wallet
Package: co.median.android.noxmdz
Privacy Policy: hxxps://suietwz.sbs/privatepolicy.html - Raydium
Package: cryptoknowledge.rays
Privacy Policy: hxxps://www.termsfeed.com/live/a4ec5c75-145c-47b3-8b10-d43164f83bfc - PancakeSwap
Package: com.cryptoknowledge.quizzz
Privacy Policy: hxxps://www.termsfeed.com/live/a4ec5c75-145c-47b3-8b10-d43164f83bfc
