Smartphone users, delete these 'dangerous' apps from your phone

We install several apps on our smartphones, mostly using the Google Play Store. While apps listed in the Play Store are supposed to be properly vetted and safe for our devices and data, there are some that manage to sneak in despite Google’s strict policies. According to Cyble Research and Intelligence Labs (CRIL), more than 20 malicious cryptocurrency wallet apps have been discovered on the Google Play Store, posing a significant threat to users by stealing sensitive wallet recovery information. According to the report, these apps are part of an active phishing campaign targeting users of popular decentralised finance (DeFi) wallets, including SushiSwap, PancakeSwap, Hyperliquid, and Raydium.

Why are these apps dangerous?
According to the report, once installed, these apps prompt users to enter their 12-word wallet recovery phrase. This phrase is critical for accessing and restoring crypto wallets. By tricking users into providing it, threat actors can take full control of victims’ wallets and transfer all assets.

How they operate?
The apps are distributed through repurposed developer accounts — previously used for legitimate apps such as gaming or video tools, which may have already earned user trust. They employ phishing URLs embedded in their privacy policies, use similar package names, and apply identical user interface designs to deploy quickly and widely.

List of affected apps

Cyble has identified the following malicious applications:

What you should do
Delete any of the listed apps from your device.
Never enter your wallet’s recovery phrase in unofficial apps.
Reinstall wallet apps only via verified sources.
Enable two-factor authentication where available.
Monitor crypto wallet activity regularly for suspicious transactions.