If you’ve recently downloaded a crypto app from the Google Play Store, you should probably check this list from Cyble Research and Intelligence Labs (CRIL) just to be safe
Cybersecurity researchers at CRIL recently found 20 malicious apps managed to infiltrate the Play Store in order to trick users by appearing to be legitimate wallet apps providing crypto services.
PC Mag reports that the apps have since been removed from the Play Store, however, some of them were downloaded hundreds of thousands of times which many people could be at risk from having their digital funds drained by threat actors.
Delete these apps right now
Here is the full list of malicious apps found stealing cryptocurrency on the Play Store:
- Pancake Swap
- Suiet Wallet
- Hyperliquid
- Raydium
- Hyperliquid
- Bullx Crpto
- OpenOcean Exchange
- Suiet Wallet
- Meteora Exchange
- Harvest Finance Blog
While there are 20 malicious apps in this list overall, many of them use the same app name but have different package names. Regardless though, you're going to want to delete any app with one of the names listed above even if they have different developers.
How to stay safe and what to do next
These fake apps will remain on a device until they are manually removed so the first step to ensuring that you are safe is to check and see if you have downloaded any of them by mistake.
The threat actors created multiple fake apps for services like SushiSwap, Harvest Finance blog, Meteora Exchange, OpenOcean Exchange, Pancake Swap, Raydium, Bulix Crypto, Hyperliquid and Suiet Wallet.
Users who installed the malicious apps were redirected to a URL that asked for the 12-word recovery phrase that is connected to their official crypto currency wallets. Using this phrase, a threat actor could remove the funds from these wallets.
The attackers who developed these fake apps used developer accounts on the Play Store that were already established as legitimate and that had other non-malicious, clean apps on offer like Android games. This added legitimacy to the operation and was likely how they managed to slip past Google's defenses in the first place.
Those who have been infected should find an alternate way to access the crypto wallet without using the fake app, then changing their access information and report the potentially malicious access directly to their crypto service. If you are still concerned, you can also remove your funds from the account and put them in an alternative service.
In order to stay safe from malicious apps, you want to make sure that Google Play Protect is enabled on your smartphone. This free app comes pre-installed on all of the best Android phones and it can scan your existing apps as well as any new ones you download for malware. For extra protection though, you might also want to run one of the best Android antivirus apps alongside it.
There's loads of money to be made from crypto for cybercriminals and fake apps are one of the easiest ways for them to gain a foothold on your smartphone. This is why you want to be extra careful when downloading new apps, though you also should limit the number of apps you have overall as even good apps can go bad.
More from Tom's Guide
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
