These Malicious Smartphone Apps Only Exist To Steal From You

Not your keys, not your crypto — this is a popular saying in the cryptocurrency world, which means if you don't have control over the private keys of your cryptocurrency wallet, then your crypto funds are at risk of getting stolen by malicious actors. However, it's now time to be very careful about not only your private keys but also the cryptocurrency wallet itself. Cyble Research and Intelligence Labs (CRIL) has discovered more than 20 apps on the Google Play Store that were impersonating legitimate cryptocurrency wallets.

Some of the wallets these apps were impersonating include SushiSwap, PancakeSwap, Raydium, Hyperliquid, and others. All these wallets are quite famous; PancakeSwap, for example, has more than $2.3 billion in value locked at the time of writing. The motive of all these malicious crypto wallet apps is reportedly the same — steal your crypto funds by tricking you into giving them access to your mnemonic phrases. That said, let's learn more about these malicious apps and how to protect yourself from them.

It's always recommended to download apps only from the Google Play Store, instead of getting them from third-party websites and app stores. One of the main reasons behind this is that the Google Play Protect feature on your Android smartphone scans the apps you download from the Play Store for any suspicious entries in their code. However, some developers still come up with different ways to get their malicious apps to bypass the Play Protect security feature, and get installed on your device.

Some such apps that CRIL has discovered are Pancake Swap, Suiet Wallet, Hyperliquid, Raydium, BullX Crypto, OpenOcean Exchange, Meteora Exchange, Harvest Finance blog, and SushiSwap. The CRIL report also mentions that there are different versions of each of these malicious apps, with each listed on the Play Store under different developer accounts. However, all these apps have a similar package name, and Command and Control (C&C) URLs in their respective privacy policies. All these malicious apps use the icon of their legitimate counterparts, which ultimately makes it difficult for users to identify which app is real.

Once you download and open one of these apps, Raydium, for example, you're reportedly redirected to a phishing website or an in-app WebView, which looks exactly like the original Raydium wallet. Then, you'll be asked to enter your 12-word mnemonic phrase, and once you do that, it becomes easy for the person behind all this to empty your crypto funds from the real crypto wallet.

Interestingly, the developer accounts under which the aforementioned apps have been listed apparently aren't new and were previously used to distribute legitimate apps. However, these legitimate developer accounts were somehow compromised, and now they're being used to distribute malicious apps. The combination of popular crypto wallet branding, real app icons, and developer profiles with a previous history of distributing legitimate apps ultimately makes it difficult for security tools to detect the threats these malicious apps pose.

Furthermore, by investigating the phishing URL that the malicious Pancake Swap app was linked to, researchers at CRIL found that the IP address is connected to more than 50 other phishing domains, all created with the same purpose — stealing your mnemonic phrases. All the apps were reported to Google, and at the time of writing most — if not all — of them have been removed from the Play Store.

While Google is doing its job by removing these apps from the Play Store, you can take some measures to improve your Android phone security so you don't end up becoming a victim of these malicious apps. First off, make sure to not disable Google Play Protect on your Android smartphone. Next, don't download apps from unverified developers, or those that require sensitive information to function. In addition, ensure you have a strong antivirus program installed on your device, and implement multi-factor authentication for apps carrying your personal data and funds, plus avoid installing apps with a lot of negative and concerning reviews.