Date: 2025-06-17

It's always recommended to download apps only from the Google Play Store, instead of getting them from third-party websites and app stores. One of the main reasons behind this is that the Google Play Protect feature on your Android smartphone scans the apps you download from the Play Store for any suspicious entries in their code. However, some developers still come up with different ways to get their malicious apps to bypass the Play Protect security feature, and get installed on your device.

Malicious apps of this kind that CRIL has discovered include Pancake Swap, Suiet Wallet, Hyperliquid, Raydium, BullX Crypto, OpenOcean Exchange, Meteora Exchange, Harvest Finance blog, and SushiSwap. The CRIL report also mentions that there are different versions of each of these malicious apps, each listed on the Play Store under a different developer account. However, all these apps use similar package names and carry Command and Control (C&C) URLs in their respective privacy policies. Each app also uses the icon of its legitimate counterpart, which makes it difficult for users to tell which app is real.

Once you download and open one of these apps, Raydium, for example, you're reportedly redirected to a phishing website or an in-app WebView, which looks exactly like the original Raydium wallet. Then, you'll be asked to enter your 12-word mnemonic phrase, and once you do that, it becomes easy for the person behind all this to empty your crypto funds from the real crypto wallet.
