Uninstall These Dangerous Apps Immediately: New Warning for All Android and Crypto Users

By /

Updated on June 9 with Google’s response and essential cybersecurity advice for mobile users amid rising threats.

Your smartphones may have dozens — sometimes hundreds — of apps. With over 2 million apps on Apple’s App Store and nearly 3 million on Google Play, users are constantly downloading new tools for convenience, finance, communication, and entertainment. However, a new alert from cybersecurity researchers is a harsh reminder: even apps from official stores can be dangerous.

New Warning: Crypto Wallet Users at Risk

Cybersecurity firm Cyble has uncovered a sophisticated scam campaign targeting users of cryptocurrency wallets. These apps, despite being listed on Google Play, are malicious in nature, designed to impersonate trusted crypto wallet platforms. Once installed, they phish users’ sensitive recovery phrases—commonly known as mnemonics—which are then used to drain real funds from actual crypto wallets.

How These Malicious Apps Work

The apps appear legitimate at first glance. They use familiar names, logos, and interfaces similar to popular crypto wallets. Once launched, they either open a phishing webpage or load an in-app browser (WebView) requesting the user to input their mnemonic phrase. This phrase is essentially the master key to your wallet—whoever has it can access and transfer all funds.

Confirmed Impersonated Wallets and Risky Apps

According to Cyble’s report, at least nine popular crypto platforms are being mimicked. These fake apps are part of a broader malicious operation and are constantly evolving. Users are advised to check for any of the following wallet names or variations on their devices:

  1. PancakeSwap
  2. Suiet Wallet
  3. Hyperliquid
  4. Raydium
  5. BullX Crypto
  6. OpenOcean Exchange
  7. Meteora Exchange
  8. SushiSwap
  9. Harvest Finance Blog

More than 20 fake apps have already been identified, but the campaign is ongoing. Importantly, the threat actors are using compromised or repurposed developer accounts, which were previously known for publishing legitimate apps. This makes the malware even harder to detect.

Key Red Flags: How to Spot Suspicious Apps

These malicious apps often share similar behaviors:

  • They use Command and Control (C&C) URLs embedded in their privacy policies.
  • App descriptions and package names may resemble legitimate crypto tools but contain subtle differences.
  • Developer names may look familiar or contain slight misspellings.
  • Fake reviews or unusually high download counts may be inflated or manipulated.

What Google Is Doing About It

A Google spokesperson confirmed that all known malicious apps from Cyble’s report have been removed from the Play Store. Moreover, Google Play Protect, the company’s built-in security system for Android, has been updated to block these apps and protect users moving forward.

However, Google warns that users must stay vigilant. Play Protect can alert or block apps known to be dangerous, but it cannot stop users from granting sensitive permissions or entering their private keys when tricked by clever phishing.

Expert Advice: Check Before You Install

Security specialist Jake Moore of ESET has issued a stark warning to crypto users:

“Delete any crypto app that isn’t verified and always double-check the publisher’s identity. Read the reviews, examine download stats, and avoid unknown developers.”

He emphasizes that while third-party app stores are usually riskier, these threats on Google Play are more alarming because users often trust the platform’s security checks.

“When apps impersonate financial tools and pass security filters, the risk multiplies. A fake crypto app can cause irreversible damage within seconds.”

The Real Danger: Sophisticated Phishing Campaigns

What sets this campaign apart is its scale and precision. Cyble discovered a network of over 50 phishing domains, used to widen the attack surface. This large infrastructure ensures the malware is hard to trace and even harder to stop in real-time.

Users often trust well-designed apps without due diligence. But when it comes to digital wallets, there is no room for error. Unlike banks, there is no recovery mechanism for stolen cryptocurrency. Once the mnemonic phrase is compromised, your funds are gone for good.

Safety Tips to Protect Your Crypto and Data:

  1. Never share your mnemonic phrase, even if an app looks legitimate.
  2. Download wallet apps only from official websites or by direct link from the developer.
  3. Double-check the developer name and user reviews.
  4. Keep Google Play Protect enabled at all times.
  5. Regularly audit your installed apps and remove those you no longer trust or recognize.
  6. Stay informed—malware tactics evolve quickly.

Conclusion: Stay Safe, Stay Smart

This incident is a strong reminder that cybersecurity is everyone’s responsibility. Even the most reputable platforms like Google Play are not immune to deception. If you use cryptocurrency wallets, you must take extra caution when installing any app that interacts with your finances.

If you see any of the listed wallets on your phone—and didn’t install them from the official project websitedelete them immediately.

Scroll to Top