We install many apps on our smartphones. Google Play Store is a common source. Apps there should be safe. However, some dangerous ones sneak in. Cyble Research and Intelligence Labs (CRIL) found over 20 malicious crypto wallet apps. They pose a significant threat. These apps steal sensitive recovery information. Furthermore, they are part of an active phishing campaign. They target users of popular decentralized finance (DeFi) wallets. This includes SushiSwap and PancakeSwap. Also targeted are Hyperliquid and Raydium.
Why These Crypto Apps Are Dangerous
These apps are quite dangerous. Once installed, they prompt users for their 12-word recovery phrase. This phrase is vital for accessing crypto wallets through crypto apps. Thus, users enter it. Threat actors then gain full control. Consequently, they transfer all your assets.
How Malicious Apps Operate
Developers distribute them using repurposed accounts. These accounts once hosted legitimate apps. For instance, they offered games or video tools. They may have already earned user trust. Furthermore, they employ phishing URLs. These are embedded in their privacy policies. They also use similar package names. Moreover, they apply identical user interface designs. This helps them deploy quickly. They spread widely, too.
List of Affected Crypto Apps
Here is a list of the malicious applications identified by Cyble, arranged alphabetically:
- BullX Crypto: co.median.android.braqdy
- BullX Crypto: co.median.android.ozjwka
- Harvest Finance blog: co.median.android.ljmeob
- Hyperliquid: co.median.android.aaxblp
- Hyperliquid: co.median.android.djerqq
- Hyperliquid: co.median.android.epbdbn
- Hyperliquid: co.median.android.epbdbn
- Hyperliquid: co.median.android.jroylx
- Meteora Exchange: co.median.android.kbxqaj
- OpenOcean Exchange: co.median.android.ozjjkx
- Pancake Swap: co.median.android.djrdyk
- Pancake Swap: co.median.android.pkmxaj
- Raydium: co.median.android.epwzyq
- Raydium: co.median.android.epwzyq
- Raydium: co.median.android.pkzylr
- Raydium: co.median.android.yakmje
- Suiet Wallet: co.median.android.epeall
- Suiet Wallet: co.median.android.ljqjry
- Suiet Wallet: co.median.android.mpeaaw
- Suiet Wallet: co.median.android.noxmdz
- SushiSwap: co.median.android.brlljb
- SushiSwap: co.median.android.pkezyz
Immediate Actions to Take
You must take action. First, delete any listed apps from your device. Never enter your wallet’s recovery phrase. Do not use unofficial apps. Reinstall wallet apps only from verified sources. Enable two-factor authentication where possible. Finally, monitor crypto wallet activity regularly. Look for suspicious transactions.
How to Delete These Apps
Deleting these apps is simple. Open your phone’s Settings. Tap on “Apps” or “Apps & notifications.” Scroll and find suspicious wallet apps. Tap the app name. Then, select “Uninstall.” If uninstalling is blocked, go to “Settings.” Next, find “Security.” Tap “Device admin apps.” Disable access there. Then, return to uninstall the app. This process may vary slightly by device.