Cybersecurity Researchers Find 20 Crypto-Phishing Apps on Google Play Store: Check List

[Pelican Press 0]

This is the hidden content, please

• Sign In
• or
• Sign Up

Cybersecurity Researchers Find 20 Crypto-Phishing Apps on

This is the hidden content, please

• Sign In
• or
• Sign Up

Play Store: Check List

A team of cybersecurity researchers have found 20 apps on the

This is the hidden content, please

• Sign In
• or
• Sign Up

Play Store which were targeting cryptocurrency wallet users. According to a report by a cybersecurity research firm, these crypto-phishing applications impersonated legitimate crypto wallets such as Hyperliquid, PancakeSwap, and Raydium. Threat actors leveraged phishing tactics and compromised or repurposed developer accounts, forcing users to enter their 12-word mnemonic phrase on a web-based false wallet interface and gaining access to their real wallets, the report stated.

Crypto-Phishing Apps on

This is the hidden content, please

• Sign In
• or
• Sign Up

Play Store

This is the hidden content, please

• Sign In
• or
• Sign Up

have identified over 20 cryptocurrency phishing apps on the

This is the hidden content, please

• Sign In
• or
• Sign Up

Play Store. The apps reportedly used similar package names and descriptions as legitimate crypto wallet apps but were published under different developer accounts which are often compromised. Alternatively, the report mentions some of these apps were also listed under repurposed developer accounts which were originally used for distribution of apps related to gaming, live streaming, and video download.

The malicious apps discovered on the Play Store also embedded Command and Control (C&C) URLs within their privacy policies to appear as legitimate. Threat actors were said to use the Median framework to convert web pages into Android apps.

Once an app is installed and opened by the victim, a URL, which resembles the privacy policy, redirects them to a phishing website. It is reported to have been designed to specifically steal 12-word mnemonic phrases via a WebView in the app. This results in the threat actor gaining access to the victim’s crypto wallet and potentially draining all of the funds.

The report states these apps were linked to a network of over 50 phishing domains. Cybersecurity researchers found the following apps with their respective package names and privacy policy URLs on the

This is the hidden content, please

• Sign In
• or
• Sign Up

Play Store:

Name	Package Name	Privacy Policy
Pancake Swap	co.median.android.pkmxaj	hxxps://pancakedentfloyd.cz/privatepolicy.html
Suiet Wallet	co.median.android.ljqjry	hxxps://suietsiz.cz/privatepolicy.html
Hyperliquid	co.median.android.jroylx	hxxps://hyperliqw.sbs/privatepolicy.html
Raydium	co.median.android.yakmje	hxxps://raydifloyd.cz/privatepolicy.html
Hyperliquid	co.median.android.aaxbjp	hxxps://hyperliqw.sbs/privatepolicy.html
Bulix Crypto	co.median.android.ozjwka	hxxps://bullxni.sbs/privatepolicy.html
OpenOcean Exchange	co.median.android.ozjljk	hxxps://openoceansi.sbs/privatepolicy.html
Suiet Wallet	co.median.android.mpeaaw	hxxps://suietsiz.cz/privatepolicy.html
Meteora Exchange	co.median.android.kbxqaj	hxxps://meteoraflordoverdose.sbs/privatepolicy.html
Raydium	co.median.android.epwzyq	hxxps://raydifloyd.cz/privatepolicy.html
SushiSwap	co.median.android.pkezyz	hxxps://sushijames.sbs/privatepolicy.html
Raydium	co.median.android.pkzyjr	hxxps://raydifloyd.cz/privatepolicy.html
SushiSwap	co.median.android.briljb	hxxps://sushijames.sbs/privatepolicy.html
Hyperliquid	co.median.android.djerqq	hxxps://hyperliqw.sbs/privatepolicy.html
Suiet Wallet	co.median.android.epeall	hxxps://suietwz.sbs/privatepolicy.html
Bulix Crypto	co.median.android.braqdy	hxxps://bullxni.sbs/privatepolicy.html
Harvest Finance blog	co.median.android.ljmeob	hxxps://harvestfin.sbs/privatepolicy.html
Pancake Swap	co.median.android.djrdyk	hxxps://pancakedentfloyd.cz/privatepolicy.html
Hyperliquid	co.median.android.epbdbn	hxxps://hyperliqw.sbs/privatepolicy.html
Suiet Wallet	co.median.android.noxmdz	hxxps://suietwz.sbs/privatepolicy.html

“These apps have been progressively discovered over recent weeks, reflecting an ongoing and active campaign”, researchers said. They promptly reported them to

This is the hidden content, please

• Sign In
• or
• Sign Up

, leading to their removal from the Play Store. Users are advised to take immediate action and uninstall them from their devices, in addition to securing their crypto wallet.

For the latest tech news and reviews, follow Gadgets 360 on

This is the hidden content, please

• Sign In
• or
• Sign Up

,

This is the hidden content, please

• Sign In
• or
• Sign Up

,

This is the hidden content, please

• Sign In
• or
• Sign Up

,

This is the hidden content, please

• Sign In
• or
• Sign Up

and

This is the hidden content, please

• Sign In
• or
• Sign Up

. For the latest videos on gadgets and tech, subscribe to our

This is the hidden content, please

• Sign In
• or
• Sign Up

. If you want to know everything about top influencers, follow our in-house

This is the hidden content, please

• Sign In
• or
• Sign Up

on

This is the hidden content, please

• Sign In
• or
• Sign Up

and

This is the hidden content, please

• Sign In
• or
• Sign Up

.

Gemini App Is Getting a New Scheduled Actions Feature on iOS and Android

This is the hidden content, please

• Sign In
• or
• Sign Up

#Cybersecurity #Researchers #Find #CryptoPhishing #Apps #

This is the hidden content, please

• Sign In
• or
• Sign Up

#Play #Store #Check #List

This is the hidden content, please

• Sign In
• or
• Sign Up

This is the hidden content, please

• Sign In
• or
• Sign Up