1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Stop using these 22 Android crypto and wallet apps ASAP, or you r

    From TechnologyDaily@1337:1/100 to All on Sun Jun 15 19:45:08 2025
    Stop using these 22 Android crypto and wallet apps ASAP, or you risk losing all your cryptocurrency

    Date:
    Sun, 15 Jun 2025 18:36:00 +0000

    Description:
    CRIL uncovered a phishing campaign using fake crypto apps with embedded URLs to steal access keys.

    FULL STORY ======================================================================Fake wallet apps ask for your 12-word phrase and quietly drain your crypto funds CRIL found over 20 Play Store apps built solely to steal users crypto credentials Malicious apps used WebView to fake real login pages from PancakeSwap and others

    New research by Cyble Research and Intelligence Labs (CRIL) has uncovered a large-scale phishing campaign involving more than 20 Android applications listed on the Google Play Store.

    These apps, which appeared to be legitimate cryptocurrency wallet tools, were created with a singular purpose: stealing users mnemonic phrases, the crucial 12-word keys that provide full access to crypto wallets.

    Once compromised, victims risk losing their entire cryptocurrency holdings, with no possibility of recovery. How the apps work and what makes them dangerous

    Many of the malicious apps were built using the Median framework, which enables the rapid conversion of websites into Android applications.

    Using this method, threat actors embedded phishing URLs directly into the app code or within privacy policy documents.

    These links would then load deceptive login pages via a WebView, tricking users into entering their mnemonic phrases under the false belief they were interacting with trusted wallet services such as PancakeSwap, SushiSwap, Raydium, and Hyperliquid.

    For example, a fraudulent PancakeSwap app used the URL hxxps://pancakefentfloyd[.]cz/api.php, which led to a phishing page mimicking the legitimate PancakeSwap interface.

    Likewise, a fake Raydium app redirected users to hxxps://piwalletblog[.]blog to carry out a similar scam.

    Despite variations in branding, these apps shared a common objective: extracting users private access keys.

    CRIL's analysis revealed that the phishing infrastructure supporting these apps was extensive. The IP address 94.156.177[.]209, used to host these malicious pages, was linked to over 50 other phishing domains.

    These domains imitate popular crypto platforms and are reused across multiple apps, indicating a centralized and well-resourced operation.

    Some malicious apps were even published under developer accounts previously associated with legitimate software, such as gaming or streaming
    applications, further lowering user suspicion.

    This tactic complicates detection, as even advanced mobile security tools may struggle to identify threats hidden behind familiar branding or developer profiles.

    To protect against such attacks, CRIL advises users to download apps only
    from verified developers and avoid any that request sensitive information.

    Using reputable Android antivirus or endpoint protection software , along
    with ensuring that Google Play Protect is enabled, adds an important, though not infallible, layer of defense.

    Strong, unique passwords and multi-factor authentication should be standard practice, and biometric security features should be enabled when available.

    Users should also avoid clicking on suspicious links received via SMS or email, and never enter sensitive information into mobile apps unless their legitimacy is certain.

    Ultimately, no legitimate app should ever request a full mnemonic phrase through a login prompt. If that happens, its likely already too late. Full list of the 22 fake apps to avoid 1. Pancake Swap
    Package: co.median.android.pkmxaj
    Privacy Policy: hxxps://pancakefentfloyd.cz/privatepolicy.html 2. Suiet Wallet
    Package: co.median.android.ljqjry
    Privacy Policy: hxxps://suietsiz.cz/privatepolicy.html 3. Hyperliquid
    Package: co.median.android.jroylx
    Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html 4. Raydium
    Package: co.median.android.yakmje
    Privacy Policy: hxxps://raydifloyd.cz/privatepolicy.html 5. Hyperliquid
    Package: co.median.android.aaxblp
    Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html 6. BullX Crypto
    Package: co.median.android.ozjwka
    Privacy Policy: hxxps://bullxni.sbs/privatepolicy.html 7. OpenOcean Exchange
    Package: co.median.android.ozjjkx
    Privacy Policy: hxxps://openoceansi.sbs/privatepolicy.html 8. Suiet Wallet
    Package: co.median.android.mpeaaw
    Privacy Policy: hxxps://suietsiz.cz/privatepolicy.html 9. Meteora Exchange
    Package: co.median.android.kbxqaj
    Privacy Policy: hxxps://meteorafloydoverdose.sbs/privatepolicy.html 10. Raydium
    Package: co.median.android.epwzyq
    Privacy Policy: hxxps://raydifloyd.cz/privatepolicy.html 11. SushiSwap
    Package: co.median.android.pkezyz
    Privacy Policy: hxxps://sushijames.sbs/privatepolicy.html 12. Raydium
    Package: co.median.android.pkzylr
    Privacy Policy: hxxps://raydifloyd.cz/privatepolicy.html 13. SushiSwap
    Package: co.median.android.brlljb
    Privacy Policy: hxxps://sushijames.sbs/privatepolicy.html 14. Hyperliquid
    Package: co.median.android.djerqq
    Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html 15. Suiet Wallet
    Package: co.median.android.epeall
    Privacy Policy: hxxps://suietwz.sbs/privatepolicy.html 16. BullX Crypto
    Package: co.median.android.braqdy
    Privacy Policy: hxxps://bullxni.sbs/privatepolicy.html 17. Harvest Finance blog
    Package: co.median.android.ljmeob
    Privacy Policy: hxxps://harvestfin.sbs/privatepolicy.html 18. Pancake Swap
    Package: co.median.android.djrdyk
    Privacy Policy: hxxps://pancakefentfloyd.cz/privatepolicy.html 19. Hyperliquid
    Package: co.median.android.epbdbn
    Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html 20. Suiet Wallet
    Package: co.median.android.noxmdz
    Privacy Policy: hxxps://suietwz.sbs/privatepolicy.html 21. Raydium
    Package: cryptoknowledge.rays
    Privacy Policy: hxxps://www.termsfeed.com/live/a4ec5c75-145c-47b3-8b10-d43164f83bfc 22. PancakeSwap
    Package: com.cryptoknowledge.quizzz
    Privacy Policy: hxxps://www.termsfeed.com/live/a4ec5c75-145c-47b3-8b10-d43164f83bfc You might also like These are the best external hard drives in the market Check out the best mini PCs for all budgets Build your own superfast virtual 32TB Gen5 SSD with this RAID PCIe Gen5 card



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/stop-using-these-22-android-crypto-and- wallet-apps-asap-or-you-risk-losing-all-your-cryptocurrency


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)