Subj : Stop using these 22 Android crypto and wallet apps ASAP, or you r To : All From : TechnologyDaily Date : Sun Jun 15 2025 19:45:08 Stop using these 22 Android crypto and wallet apps ASAP, or you risk losing all your cryptocurrency Date: Sun, 15 Jun 2025 18:36:00 +0000 Description: CRIL uncovered a phishing campaign using fake crypto apps with embedded URLs to steal access keys. FULL STORY ======================================================================Fake wallet apps ask for your 12-word phrase and quietly drain your crypto funds CRIL found over 20 Play Store apps built solely to steal users crypto credentials Malicious apps used WebView to fake real login pages from PancakeSwap and others New research by Cyble Research and Intelligence Labs (CRIL) has uncovered a large-scale phishing campaign involving more than 20 Android applications listed on the Google Play Store. These apps, which appeared to be legitimate cryptocurrency wallet tools, were created with a singular purpose: stealing users mnemonic phrases, the crucial 12-word keys that provide full access to crypto wallets. Once compromised, victims risk losing their entire cryptocurrency holdings, with no possibility of recovery. How the apps work and what makes them dangerous Many of the malicious apps were built using the Median framework, which enables the rapid conversion of websites into Android applications. Using this method, threat actors embedded phishing URLs directly into the app code or within privacy policy documents. These links would then load deceptive login pages via a WebView, tricking users into entering their mnemonic phrases under the false belief they were interacting with trusted wallet services such as PancakeSwap, SushiSwap, Raydium, and Hyperliquid. For example, a fraudulent PancakeSwap app used the URL hxxps://pancakefentfloyd[.]cz/api.php, which led to a phishing page mimicking the legitimate PancakeSwap interface. Likewise, a fake Raydium app redirected users to hxxps://piwalletblog[.]blog to carry out a similar scam. Despite variations in branding, these apps shared a common objective: extracting users private access keys. CRIL's analysis revealed that the phishing infrastructure supporting these apps was extensive. The IP address 94.156.177[.]209, used to host these malicious pages, was linked to over 50 other phishing domains. These domains imitate popular crypto platforms and are reused across multiple apps, indicating a centralized and well-resourced operation. Some malicious apps were even published under developer accounts previously associated with legitimate software, such as gaming or streaming applications, further lowering user suspicion. This tactic complicates detection, as even advanced mobile security tools may struggle to identify threats hidden behind familiar branding or developer profiles. To protect against such attacks, CRIL advises users to download apps only from verified developers and avoid any that request sensitive information. Using reputable Android antivirus or endpoint protection software , along with ensuring that Google Play Protect is enabled, adds an important, though not infallible, layer of defense. Strong, unique passwords and multi-factor authentication should be standard practice, and biometric security features should be enabled when available. Users should also avoid clicking on suspicious links received via SMS or email, and never enter sensitive information into mobile apps unless their legitimacy is certain. Ultimately, no legitimate app should ever request a full mnemonic phrase through a login prompt. If that happens, its likely already too late. Full list of the 22 fake apps to avoid 1. Pancake Swap Package: co.median.android.pkmxaj Privacy Policy: hxxps://pancakefentfloyd.cz/privatepolicy.html 2. Suiet Wallet Package: co.median.android.ljqjry Privacy Policy: hxxps://suietsiz.cz/privatepolicy.html 3. Hyperliquid Package: co.median.android.jroylx Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html 4. Raydium Package: co.median.android.yakmje Privacy Policy: hxxps://raydifloyd.cz/privatepolicy.html 5. Hyperliquid Package: co.median.android.aaxblp Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html 6. BullX Crypto Package: co.median.android.ozjwka Privacy Policy: hxxps://bullxni.sbs/privatepolicy.html 7. OpenOcean Exchange Package: co.median.android.ozjjkx Privacy Policy: hxxps://openoceansi.sbs/privatepolicy.html 8. Suiet Wallet Package: co.median.android.mpeaaw Privacy Policy: hxxps://suietsiz.cz/privatepolicy.html 9. Meteora Exchange Package: co.median.android.kbxqaj Privacy Policy: hxxps://meteorafloydoverdose.sbs/privatepolicy.html 10. Raydium Package: co.median.android.epwzyq Privacy Policy: hxxps://raydifloyd.cz/privatepolicy.html 11. SushiSwap Package: co.median.android.pkezyz Privacy Policy: hxxps://sushijames.sbs/privatepolicy.html 12. Raydium Package: co.median.android.pkzylr Privacy Policy: hxxps://raydifloyd.cz/privatepolicy.html 13. SushiSwap Package: co.median.android.brlljb Privacy Policy: hxxps://sushijames.sbs/privatepolicy.html 14. Hyperliquid Package: co.median.android.djerqq Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html 15. Suiet Wallet Package: co.median.android.epeall Privacy Policy: hxxps://suietwz.sbs/privatepolicy.html 16. BullX Crypto Package: co.median.android.braqdy Privacy Policy: hxxps://bullxni.sbs/privatepolicy.html 17. Harvest Finance blog Package: co.median.android.ljmeob Privacy Policy: hxxps://harvestfin.sbs/privatepolicy.html 18. Pancake Swap Package: co.median.android.djrdyk Privacy Policy: hxxps://pancakefentfloyd.cz/privatepolicy.html 19. Hyperliquid Package: co.median.android.epbdbn Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html 20. Suiet Wallet Package: co.median.android.noxmdz Privacy Policy: hxxps://suietwz.sbs/privatepolicy.html 21. Raydium Package: cryptoknowledge.rays Privacy Policy: hxxps://www.termsfeed.com/live/a4ec5c75-145c-47b3-8b10-d43164f83bfc 22. PancakeSwap Package: com.cryptoknowledge.quizzz Privacy Policy: hxxps://www.termsfeed.com/live/a4ec5c75-145c-47b3-8b10-d43164f83bfc You might also like These are the best external hard drives in the market Check out the best mini PCs for all budgets Build your own superfast virtual 32TB Gen5 SSD with this RAID PCIe Gen5 card ====================================================================== Link to news story: https://www.techradar.com/pro/security/stop-using-these-22-android-crypto-and- wallet-apps-asap-or-you-risk-losing-all-your-cryptocurrency --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .