Cyber security researchers have found over 20 crypto-related malware apps exist and work on the Google Play Store. These apps are designed to forge popular crypto wallet services, in order to fool users into appropriating all digital assets in the wallet.

The commonality of these scam apps is that they require users to enter or recover their wallets using a 12 – word mnemonic phrase (mnemonic or recovery phrase). This is the most important security information of a cryptocurrency wallet. By possessing the phrase, the scammer can gain full access, control, and remove all assets from the wallet without any additional authentication. Thus, as soon as users filled out the 12 – word phrase in the fake app, they inadvertently handed over all of their property to the bad guys.

To make it easier for users to identify and remove threats, experts released a detailed list of 20 malicious apps along with the Package name of each app. Collating the package name is the most accurate way to distinguish a fake app from a legitimate version. Specific lists include:

  • Pancake Swap (co.median.android.pkmxaj)

  • Suiet Wallet (co.median.android.ljqjry)

  • Hyperliquid (co.median.android.jroylx)

  • Raydium (co.median.android.yakmje)

  • Hyperliquid (co.median.android.axblp)

  • Crypto BullX (co.median.android.ozjwka)

  • OpenOcean Exchange (co.median.android.ozjjkx)

  • Suiet Wallet (co.median.android.mpeaaw)

  • Meteora Exchange (co.median.android.kbxqaj)

  • Raydium (co.median.android.epwzyq)

  • SushiSwap (co.median.android.pkezyz)

  • Raydium (co.median.android.pkzylr)

  • SushiSwap (co.median.android.brujb)

  • Hyperliquid (co.median.android.djerqq)

  • Suiet Wallet (co.median.android.epeall)

  • BullX Crypto (co.median.android.braqdy)

  • Harvest Finance blog (co.median.android.ljmeob)

  • Pancake Swap (co.median.android.djrdyk)

  • Hyperliquid (co.median.android.epbdbn)

  • Suiet Wallet (co.median.android.noxmdz)

In the above list, some apps have the same name displayed due to multiple apps forging the same legitimate service or using the same brand to distract users. Therefore, checking the package name rather than just looking at the app name or icon is key to correctly detecting malicious apps.

In light of the growing threat from crypto-sphishing applications, experts recommend that users should adhere to some basic safety principles. Only install apps from verified developers on the Google Play Store, and never enter a 12-word phrase or private key into any app, even if the app appears legitimate. Besides, users should enable Google Play Protect on Android devices, while enhancing security layers such as biometrics, two-factor authentication, and using reputable antivirus software to minimize the risk of digital asset loss.