On Android, these crypto wallet clones are stealing your savings, delete them!

A new malware campaign is wreaking havoc on the Play Store. According to researchers at the cybersecurity firm Cyble, more than 20 fraudulent apps have been discovered on Google's app store. Their method is simple, but incredibly effective: they impersonate reputable crypto wallet apps, such as PancakeSwap, SushiSwap, Raydium, and Hyperliquid.

Cloned crypto wallets to trick users

Once installed, these fake apps open a phishing webpage, either in the browser or directly within the app, and ask the user for their mnemonic phrase, a string of words that can restore access to a cryptocurrency wallet. Once this phrase is entered, the funds are simply stolen.

Targeted wallets also include Suiet Wallet, BullX Crypto, Meteora Exchange, Harvest Finance Blog, and OpenOcean Exchange. Cyble notes that the apps often use compromised developer accounts to bypass Google's security checks, allowing them to masquerade as legitimate software.

Google stated that all apps identified in the report have been removed from the Play Store. The firm also emphasizes that its Google Play Protect system is designed to detect this type of behavior and proactively protect users. However, the campaign is still ongoing, and other malicious apps may still appear.

Cyble researchers note that the apps in question share several common elements: similar "package" names, privacy policies containing links to command-and-control (C&C) servers, and similar descriptions. These are all indications that a coordinated infrastructure is behind this operation.

Jake Moore, a cybersecurity expert at ESET, urges vigilance: "Even on the Play Store, which imposes strict controls, it is important to check the developer's details, user reviews, and the number of downloads." He also recommends never installing a crypto app without going through the official website of the service in question.

Cyble adds that the operation uses an extensive phishing infrastructure, linked to more than 50 different domains, which makes it more difficult to detect using traditional protections. Here are the 20 apps in question:

In the world of cryptocurrencies, no bank will save the unwary user. One leaked mnemonic phrase, and the funds disappear forever. The best practice remains to install apps only via links on official crypto wallet websites. And if any of the apps mentioned are on your smartphone, it's urgent to remove them.

Finally, enabling and maintaining Google Play Protect is an additional barrier against these apps, even if it can't guarantee absolute protection. When it comes to cryptocurrency, vigilance remains the best defense.
