The Article Tells the Story of:
- Fake Wallet Apps That Look Real: Hackers used trusted brand names like PancakeSwap and SushiSwap to trick users into downloading fake apps from the Google Play Store.
- A Secret Campaign Stealing Crypto: Over 20 apps were discovered stealing wallet recovery phrases to drain real crypto wallets — and the campaign is still active.
- Compromised Developer Accounts: The attackers hijacked once-legitimate developer accounts to bypass Google’s app review process and plant phishing apps.
- No Warning, No Refunds: Victims lose their crypto instantly with no chance of recovery — unless you delete these apps now, your funds could be next.
A Growing Threat Hides in the Play Store
Cybersecurity firm Cyble has identified over 20 fake crypto wallet apps on the Google Play Store. These apps trick users into handing over the access phrases to their digital wallets. Once a user shares this phrase, hackers can steal all the crypto funds linked to that wallet.
These apps are hard to spot. They use the names and logos of trusted wallet services like PancakeSwap, SushiSwap, and Hyperliquid. Many people download them without realizing they are fakes. Even though the Play Store is seen as a secure source, these apps still managed to slip through.
The fake apps use compromised developer accounts to look legitimate. They also embed malicious websites inside the app or redirect users to phishing pages. Once the app opens, it asks for a 12- or 24-word recovery phrase — the mnemonic phrase used to recover a wallet. If you enter that phrase, the hackers can take full control.
Cyble confirms that this threat is still active. More apps are appearing each week, and users should check their phones and delete any suspicious apps right away.
These Are the Fake Wallet Apps You Must Delete
Cyble found that the campaign targets popular crypto wallets. The fake apps impersonate these wallets by copying their branding and mimicking their app names. They were able to appear on the Play Store by taking over existing developer accounts that once published real apps.
Here are the crypto wallets currently being faked:
- PancakeSwap
- Suiet Wallet
- Hyperliquid
- Raydium
- BullX Crypto
- OpenOcean Exchange
- Meteora Exchange
- SushiSwap
- Harvest Finance Blog
Some of these names may appear familiar. That’s exactly what the attackers want. They rely on the trust users already have in these platforms to trick people into installing the malware.
Although the fake apps use different developer accounts, Cyble says they follow a similar pattern. Many have the same style of privacy policies. They often include hidden Command and Control (C&C) server links inside those policies. Their package names and app descriptions are also strikingly similar.
This campaign continues to grow. Cyble’s report warns that while only 9 wallets have been mimicked so far, that number could increase. The apps found so far are just the beginning.
Delete These Apps and Protect Your Wallet
Cyble says these fake apps were found over a period of several weeks. Some have already been removed from the Play Store, but others are still active. Google is taking them down as they’re reported, but the process isn’t instant. That’s why it’s crucial to take action now.
Check your phone for any of the apps listed above. If you see any of them installed, delete them immediately. Even if you have not opened the app, it may still pose a risk.
Make sure Google Play Protect is turned on. It’s a built-in feature that scans your device for harmful apps. Go to Settings > Security > Google Play Protect and enable it if it’s off.
Cyble warns that this campaign is dangerous because it combines familiar branding with a large phishing infrastructure. The attackers operate more than 50 domains linked to the malicious apps. This wide reach helps them avoid detection and target more users before the apps are removed.
There is no safety net when it comes to crypto wallets. If your funds are stolen, you cannot get them back. Always download wallet apps directly from the official website of the wallet provider. Do not trust search results or links from third-party website
Final Warning: Delete These Apps Now
Fake crypto wallet apps are still slipping through Google Play’s defenses. These apps look real but are built to steal your money. Cybercriminals are using old developer accounts and mimicking trusted wallets to trick you into giving them access to your funds.
These apps are part of a growing campaign that keeps evolving. New fake apps appear each week. Your best defense is awareness. Use the list above, delete any dangerous apps from your phone, and avoid installing crypto wallet apps unless they come from a verified source.
Cyble and other security researchers continue to track this campaign. But as long as it’s active, your wallet could be at risk. Stay alert, and don’t let these fake apps fool you.
Stay updated: Crypto News –Mobile
