June 11, 2025, 1:14 pm | Read time: 3 minutes
Security researchers have identified 22 harmful crypto apps in the Google Play Store. These apps have been downloaded hundreds of thousands of times.
Nowadays, managing your finances isn’t limited to traditional bank accounts or cash. In recent years, cryptocurrencies and their associated wallets have gained popularity and significance. However, this also attracts criminal actors. Security researchers have now identified 22 malicious crypto apps that were recently available for download on the Google Play Store. While most have since disappeared, they were downloaded numerous times before being removed. TECHBOOK reveals which apps are involved. If you use any of these applications, you should act quickly.
Malicious Crypto Apps Imitate Popular Wallets
This is according to a new report from Cyble Research and Intelligence Labs (CRIL). Their findings indicate that the malicious crypto apps disguise themselves as popular wallets and gain access by pretending to offer services. In reality, they aim to steal users’ crypto savings.
Google has removed most from the Play Store, and more have been reported. However, once one of these apps is installed, it remains on the device until manually deleted. If you have any of the following nine well-known applications on your smartphone, you should double-check to ensure it’s the original. There are 20 counterfeit versions circulating, which also use familiar logos and operate similarly:
- Bulix Crypto
- Harvest Finance blog
- Hyperliquid
- Meteora Exchange
- OpenOcean Exchange
- Pancake Swap
- Raydium
- Suiet Wallet
- SushiSwap
Two other counterfeits are also known, which, for example, use differently named download packages and terms.
Fake Apps Redirected to Dubious URLs
The security report further states that users of the malicious crypto apps were redirected to fake URLs, where they were asked to enter the backup key for their wallets. The perpetrators disguised these URLs as privacy policies.
Also of interest: “The Key to Success Is Making Cryptos Easily Accessible”
This is how they subsequently gained access. To distribute the apps, the cybercriminals used illegally acquired or modified developer accounts that previously operated legally.
Contaminated by Viruses! You Should Delete These Apps Immediately
Nasty Malware Can Read Screenshots on Smartphones
Apple Endangers User Group Due to Security Flaws in the App Store
Pay Close Attention to Package Names and URLs
CRIL has compiled a list to help identify the malicious apps. The focus is on the names of the download packages and the fake privacy policies:
According to “PC Mag,” affected users should find an alternative way to access their wallet and then change their login credentials. It’s also recommended to report potential misuse directly to the legitimate service. It’s advisable to quickly transfer cryptos to another wallet.
In general, always download apps from trusted sources and avoid applications that request sensitive information. Strong passwords and good security measures such as antivirus programs or biometric security settings are also a must. Google Play Protect should be enabled, and links received via SMS or email should always be approached with skepticism.