As we know, despite the checks by Google, on Play Store they can sometimes arrive harmful applications. This is the case, since we talk about At least 20 Phishing apps who aim to get hold of credentials for wallet Of cryptocurrency: Let’s see what apps are absolutely to avoid and how to try to defend themselves.
New Phishing attacks: attention to these Google Play Store apps
The Google Play Store is obviously the most frequented digital store by Android users for downloading apps and games. The House of Mountain View has rules and rigid policies for verifying the applications that must be published on the store, but sometimes it can happen that something escapes control. This time there is even more careful to be, because we are not talking about “simple” unsolicited advertising, but of phishing for cryptocurrency apps.
The researchers of Cyblea company specialized in cyber intelligence and in the protection from cyber risks, have identified at least 20 malicious applications on the Google Play Store. All they impersonate legctive cryptocurrency wallet apps With the most classic goal of phishing: steal credentials so as to get their hands on the accounts and on what they contain. In particular, according to what reported, the attackers ask users to insert a Mnemonica phrase of 12 words to access the (false) wallet.
“What makes this campaign particularly dangerous is the use of apparently legitimate applications“, You can read in the article published by Cyble (here to learn more),”hosted on account of previously harmless or compromised developerscombined with a large -scale phishing infrastructure connected to over 50 domains“. This not only extends its scope, but contributes to making immediate detection by” traditional “defense methods more difficult.
What are the malicious applications from which to stay away? For now they are about twenty, but some of these apps have the same name, with a different package name. Here are the 9 applications discovered on the Play Store, with all the names of the identified packages:
- Swap pancake (Co.Median.android.pkmxaj, Co.Median.android.djrdyk)
- Sumet Wallet (Co.Median.android.ljqjry, Co.Median.android.pmAaaw, Co.Median.android.epeall, Co.Median.android.noxmdz)
- Hyperliquid (Co.Median.android.jroylx, Co.Median.android.aaxblp, Co.Median.android.djerqq, Co.Median.android.epbdbn)
- Raydium (Co.Median.android.yakmje, Co.Median.android.epwzyq, Co.Median.android.pkzylr)
- Bullx Crypto (Co.Median.android.ozjwka, Co.Median.android.braqdy)
- OPENCEAN Exchange (Co.Median.android.ozjjkx)
- Meteora Exchange (Co.Median.android.kbxqaj)
- Sushiswap (Co.Median.android.pkezyz, Co.Median.android.brlljb)
- Harvest Finance Blog (Co.Median.android.ljmeob)


In case of success, the phishing attack in question could cause irreversible financial losses for victims. Cryptocurrency transactions are different and enjoy less protection than those of the traditional banking system.
If you downloaded one of the apps mentioned in the list above, cancel it immediately and make the necessary checks. You must always be very careful with the applications that are downloaded on the smartphone, even if they come from the Google Play Store: even the official Big G store is not 100% safe, and it is always necessary to do the appropriate checks, especially if these are credentials of this type.