- Fake wallet apps ask for your 12-word phrase and quietly drain your crypto funds
- CRIL has found more than 20 Play Store apps made to steal users' crypto credentials
- Malicious apps used WebView to fake real login pages from PancakeSwap and others
New research from Cyble Research and Intelligence Labs (CRIL) has unveiled a massive phishing campaign involving more than 20 Android applications on the Google Play Store.
These apps, which appear to be legitimate cryptocurrency wallet tools, were created with a sole purpose: stealing users' mnemonic phrases, the 12-word keys to their crypto wallets.
Once compromised, victims risk losing their entire cryptocurrency holdings, with little chance of recovery.
How the apps work and what makes them dangerous
Many of the malicious apps were built using the Median framework, which enables websites to be converted into Android applications.
Using this method, the threat actors embedded phishing URLs directly in the app code or in privacy policy documents.
These links then load fraudulent login pages through a WebView and trick users into entering their mnemonic phrase, in the belief that they are interacting with trusted wallet services such as PancakeSwap, SushiSwap, Raydium, and Hyperliquid.
For example, a fraudulent PancakeSwap app used the URL HXXPS: // Pancake Phanti Flied (.
Similarly, a fake Raydium app redirected users to hxxps://piwalletblog[.]blog to carry out a similar scam.
Despite the variations in branding, these apps shared a common goal: extracting users' private access keys.
CRIL's analysis revealed that the phishing infrastructure supporting these apps was extensive. The IP address 94.156.177[.]209, which was used to host these malicious pages, was connected to more than 50 other phishing domains.
These domains imitate popular crypto platforms and are reused across several apps, which indicates a centralized and well-resourced operation.
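The pattern described above (a wrapper app whose embedded WebView URL or privacy policy link points away from the brand it claims, with the same host reused across apps) can be checked during app review. The following is an added example, not code from CRIL or the article; the app records, the `OFFICIAL` allowlist and all function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: official hosts per brand, maintained by the reviewer.
OFFICIAL = {"pancakeswap": {"pancakeswap.finance"}, "raydium": {"raydium.io"}}

# Constructed records: URLs extracted from each wrapper app and its store listing.
APPS = [
    {"package": "com.example.wrap.one", "brand": "pancakeswap",
     "start_url": "hxxps://pancake-login[.]example/connect",
     "privacy_url": "hxxps://pancake-login[.]example/privacypolicy.html"},
    {"package": "com.example.wrap.two", "brand": "raydium",
     "start_url": "https://raydium.io/swap/",
     "privacy_url": "hxxps://pancake-login[.]example/privacypolicy.html"},
    {"package": "com.example.wrap.three", "brand": "raydium",
     "start_url": "https://raydium.io/",
     "privacy_url": "https://raydium.io/docs/privacy"},
]

def host_of(url):
    """Refang a defanged URL (hxxp, [.], (.)) and return its lower-case host."""
    url = re.sub(r"(?i)^hxxp", "http", url.strip())
    url = url.replace("[.]", ".").replace("(.)", ".")
    return (urlsplit(url).hostname or "").lower()

def is_official(host, brand):
    """True if host is an official domain for the brand or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL.get(brand, ()))

def triage(apps):
    """Return (per-app findings, unofficial hosts shared by two or more apps)."""
    findings, seen = {}, defaultdict(set)
    for app in apps:
        for field in ("start_url", "privacy_url"):
            host = host_of(app[field])
            if not is_official(host, app["brand"]):
                findings.setdefault(app["package"], []).append((field, host))
                seen[host].add(app["package"])
    shared = {h: sorted(p) for h, p in seen.items() if len(p) > 1}
    return findings, shared

if __name__ == "__main__":
    findings, shared = triage(APPS)
    for pkg, hits in findings.items():
        print(pkg, hits)
    print("shared unofficial hosts:", shared)
```

An unofficial host on its own is only a triage signal, since a privacy policy can legitimately sit on a third-party host; the shared-host result is what ties several listings to one operator.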
Some of the malicious apps were even published under developer accounts that were previously associated with legitimate software, such as gaming or streaming applications, further lowering users' suspicion.
This tactic complicates detection, as even modern mobile security tools can struggle to identify the threats hidden behind familiar branding or developer profiles.
To prevent such attacks, CRIL advises users to download apps only from verified developers and to avoid any that request sensitive information.
Using a leading Android antivirus or endpoint protection product, along with ensuring that Google Play Protect is active, adds an important, though not infallible, layer of defense.
Strong, unique passwords and multi-factor authentication should be standard practice, and biometric security features should be enabled when available.
Users should also refrain from clicking on suspicious links received by SMS or email, and never enter sensitive information into mobile apps unless their legitimacy is certain.
Finally, no legitimate app should ever request a full mnemonic phrase through a login prompt. If that happens, it is probably already too late.
Full list of 22 fake apps to avoid