We install several apps on our smartphones, mostly using the Google Play Store. While apps listed in the Play Store are supposed to be properly vetted and safe for our devices and data, there are some that manage to sneak in despite Google’s strict policies. According to Cyble Research and Intelligence Labs (CRIL), more than 20 malicious cryptocurrency wallet apps have been discovered on the Google Play Store, posing a significant threat to users by stealing sensitive wallet recovery information. According to the report, these apps are part of an active phishing campaign targeting users of popular decentralised finance (DeFi) wallets, including SushiSwap, PancakeSwap, Hyperliquid, and Raydium.
Why are these apps dangerous?According to the report, once installed, these apps prompt users to enter their 12-word wallet recovery phrase. This phrase is critical for accessing and restoring crypto wallets. By tricking users into providing it, threat actors can take full control of victims’ wallets and transfer all assets.
How they operate?The apps are distributed through repurposed developer accounts — previously used for legitimate apps such as gaming or video tools, which may have already earned user trust. They employ phishing URLs embedded in their privacy policies, use similar package names, and apply identical user interface designs to deploy quickly and widely.
List of affected appsCyble has identified the following malicious applications:| App Name | Package Name |
| Suiet Wallet | co.median.android.ljqjry |
| SushiSwap | co.median.android.pkezyz |
| Raydium | co.median.android.epwzyq |
| Hyperliquid | co.median.android.epbdbn |
| BullX Crypto | co.median.android.braqdy |
| Pancake Swap | co.median.android.djrdyk |
| OpenOcean Exchange | co.median.android.ozjjkx |
| Raydium | co.median.android.pkzylr |
| Hyperliquid | co.median.android.djerqq |
| Suiet Wallet | co.median.android.noxmdz |
| Suiet Wallet | co.median.android.epeall |
| SushiSwap | co.median.android.brlljb |
| Meteora Exchange | co.median.android.kbxqaj |
| BullX Crypto | co.median.android.ozjwka |
| Suiet Wallet | co.median.android.mpeaaw |
| Hyperliquid | co.median.android.aaxblp |
| Raydium | co.median.android.yakmje |
| Hyperliquid | co.median.android.jroylx |
| Pancake Swap | co.median.android.pkmxaj |
| Harvest Finance blog | co.median.android.ljmeob |
| Hyperliquid | co.median.android.epbdbn |
| Raydium | co.median.android.epwzyq |
Delete any of the listed apps from your device.
Never enter your wallet’s recovery phrase in unofficial apps.
Reinstall wallet apps only via verified sources.
Enable two-factor authentication where available.
Monitor crypto wallet activity regularly for suspicious transactions.
Open Settings
Tap Apps or Apps & notifications
Scroll and locate any suspicious wallet apps listed above
Tap the app > Select Uninstall
If the uninstall is blocked due to device admin access:
Go to Settings > Security > Device admin apps
Disable access, then return to uninstall
Note: The process of uninstalling an app from the Google Play Store may vary depending on the device.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
