If you’ve recently downloaded a crypto wallet app from the Play Store, you may want to double-check it. A recent report by Cyble Research and Intelligence Labs (CRIL) has revealed over 20 fake cryptocurrency apps mimicking popular platforms like PancakeSwap and SushiSwap. These apps are designed to steal your wallet recovery phrases and drain your crypto funds. In this article, we’ll break down everything you need to know about these apps, how they operate, and what you can do to stay safe
Contents
What’s the Risk?
The identified apps use sophisticated phishing tactics. Once installed, these fake apps prompt users to enter their 12-word recovery phrase. This phrase acts like a master key to your crypto wallet. Once hackers get this information, they can access your wallet and transfer all your funds.
Key Apps Being Mimicked
The fake apps have been found mimicking the following wallets:
- PancakeSwap
- SushiSwap
- Hyperliquid
- Raydium
- Suiet Wallet
- BullX Crypto
- OpenOcean Exchange
- Meteora Exchange
- Harvest Finance Blog
These apps copy the name, logo, and interface of legitimate wallets, making it difficult to spot the fakes.
Dangerous Apps & Their Package Names
| App Name | Package Name |
|---|---|
| Suiet Wallet | co.median.android.ljqjry |
| SushiSwap | co.median.android.pkezyz |
| Raydium | co.median.android.epwzyq |
| Hyperliquid | co.median.android.epbdbn |
| BullX Crypto | co.median.android.braqdy |
| Pancake Swap | co.median.android.djrdyk |
| OpenOcean Exchange | co.median.android.ozjjkx |
| Meteora Exchange | co.median.android.kbxqaj |
| Harvest Finance Blog | co.median.android.ljmeob |
How These Fake Apps Work
These apps are often uploaded through compromised developer accounts that were previously used for legitimate apps. Since these accounts have a good reputation, users are more likely to trust and install the apps. Once installed, the apps use:
- Phishing WebViews: Embedded in the app or privacy policy.
- Accessibility Services: To monitor your screen and keystrokes.
- SYSTEM_ALERT_WINDOW Permissions: To overlay fake login screens.
These permissions allow attackers to see what you copy, paste, or type—even outside the app.
How to Stay Safe
If you’re a crypto wallet user, here’s how you can protect yourself:
- Delete suspicious wallet apps immediately.
- Do not enter your recovery phrase in apps not verified by the official wallet provider.
- Only install apps from trusted developers or links provided on the official wallet website.
- Enable Google Play Protect to scan for harmful apps.
- Enable Two-Factor Authentication (2FA) wherever possible.
- Check app details before downloading: Look at reviews, download count, and developer information.
Step-by-Step: How to Remove Malicious Apps
- Go to Settings > Apps or Apps & Notifications.
- Find the suspicious app in the list.
- Tap on it and select Uninstall.
- If uninstall is blocked, go to Settings > Security > Device Admin Apps.
- Disable admin access and try uninstalling again.
Expert Warnings
- Shane Barney from Keeper Security warns that even trusted platforms like Google Play Store can be compromised.
- Jake Moore of ESET advises crypto users to uninstall unverified apps and always cross-check publisher details.
- Kevin Hoganson of iVerify notes that attackers may use overlay techniques to mimic login screens and steal credentials.
Why This Is a Big Deal
These malicious apps aren’t just copying logos—they’re part of a large phishing infrastructure using over 50 domains. The apps managed to bypass Google’s security checks, which means users need to be extra careful even on the official Play Store.
Frequently Asked Questions (FAQ)
Q1: What is a mnemonic phrase?
A mnemonic phrase is a 12-word secret recovery phrase that gives access to your crypto wallet. Never share it with anyone or enter it into unofficial apps.
Q2: Can Google Play Store apps be dangerous?
Yes. While Google uses security checks, some malicious apps still slip through using compromised developer accounts.
Q3: How can I verify if an app is legitimate?
Always download apps from the wallet’s official website. Check developer information, app ratings, and user reviews.
Q4: What should I do if I already installed a fake app?
Uninstall it immediately, change your wallet access if possible, and move your funds to a new wallet using a fresh recovery phrase.
Q5: Will enabling Play Protect help?
Yes, Google Play Protect can detect and warn you about harmful apps. Make sure it’s always enabled.
Conclusion
Your crypto wallet security is only as strong as the apps you trust. With over 20 fake apps exposed, including PancakeSwap and SushiSwap clones, it’s time to be cautious. Always double-check the source before installing wallet apps, and never share your recovery phrase. One wrong tap could cost you your entire crypto portfolio.
Stay safe, stay smart—and don’t trust just any app with your crypto keys!