A significant cybersecurity threat has been found on Google Play: over twenty fake cryptocurrency wallet applications have been downloaded onto millions of Android devices. As revealed by CRIL, these apps are designed to trick people into revealing their 12-word passphrase, which gives criminals full control over their crypto holdings. This advanced cyber attack underlines a rise in phishing attempts that come from mobile applications that look reliable.
/*Fake Wallets Masquerading as Trusted Brands*/
Security experts found the applications imitating brands like PancakeSwap, Hyperliquid, SushiSwap, Raydium, Suiet Wallet, BullX Crypto, OpenOcean Exchange, Meteora Exchange, and Harvest Finance Blog. Built with the help of frameworks like “Median,” these phishing applications try to look exactly like the real wallets. Users who launch the app are prompted to sign in with their mnemonic phrase on websites that are in fact phishing pages, which lets attackers obtain their private keys.
/*Infrastructure Reveals a Coordinated Campaign*/
This isn’t a typical scam that hits many people. CRIL's investigation discovered that the criminals used infrastructure containing more than 50 phishing sites, such as pancakefentfloyd.cz, hyperliqw.sbs, raydifloyd.cz, and sushijames.sbs, to collect seed phrases. The fake wallets got into the Play Store through misused developer accounts that hosted original apps with huge download numbers, so Google’s security checks missed these phony wallets for weeks.
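Each of the four domains named above begins with a fragment of the brand it imitates. As an added example (not code from CRIL or from the original article), the Python below flags DNS log entries whose registrable label shares a long prefix with one of the brand names; the log format, the 5-character threshold and the allowlist parameter are assumptions.

```python
# Added example: flag DNS queries for brand-lookalike domains.
BRANDS = ["pancakeswap", "hyperliquid", "sushiswap", "raydium", "suiet",
          "bullx", "openocean", "meteora", "harvest"]  # brand names from the article
MIN_PREFIX = 5  # assumption: shortest shared prefix treated as imitation

# Constructed DNS log lines (timestamp, device, queried host); not real telemetry.
SAMPLE_LOG = """\
2025-06-06T10:00:01Z phone-17 pancakefentfloyd.cz
2025-06-06T10:00:04Z phone-17 play.google.com
2025-06-06T10:02:13Z phone-22 app.hyperliqw.sbs
2025-06-06T10:05:40Z phone-03 raydifloyd.cz
2025-06-06T10:07:09Z phone-03 wallet.example.org
2025-06-06T10:09:55Z phone-41 sushijames.sbs
"""

def registrable_label(host):
    """Label left of the TLD (naive: ignores multi-part suffixes like co.uk)."""
    parts = host.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def shared_prefix(a, b):
    """Number of leading characters a and b have in common."""
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return n

def lookalike_brand(host, allowlist=frozenset()):
    """Return the brand a host appears to imitate, or None.
    allowlist holds hosts you have verified as official (hypothetical input)."""
    if host.lower().rstrip(".") in allowlist:
        return None
    label = registrable_label(host)
    score, brand = max((shared_prefix(label, b), b) for b in BRANDS)
    return brand if score >= MIN_PREFIX else None

def scan(log_text, allowlist=frozenset()):
    """Return (device, host, brand) for every log line that looks like a lookalike."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        _, device, host = fields
        brand = lookalike_brand(host, allowlist)
        if brand:
            hits.append((device, host, brand))
    return hits

if __name__ == "__main__":
    for device, host, brand in scan(SAMPLE_LOG):
        print(f"{device}: {host} resembles '{brand}'")
```

A prefix match is only a triage signal: hosts that carry a brand's exact name are flagged too unless they are on the allowlist, so verified official domains need to be added there.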
/*Google’s Response – Removal & Ongoing Risk*/
As a result of CRIL’s disclosure on June 6, 2025, Google took prompt action to take down most of the unapproved apps on the Play Store. But security experts warn that there may still be some infected machines, since the operation is still being carried out. Users need to uninstall these apps manually, activate Google Play Protect, and download wallets only from credible places and reliable developers.
/*What Ways Do Users Have to Keep Themselves Safe?*/
Before installing, look up the official name of the developer, read other users’ reviews, check the app’s download count, and review the record of recent updates. PureCoin doesn’t ask you for your 12-word phrase in the app or when you browse the Web; it should be asked for only while setting up your wallet. Enable Google Play Protect, add extra protection with an antivirus app, and turn on biometric or multi-factor verification. Uninstall apps you don’t use, carefully review unusual parts of any privacy policy, and be wary of new products that resemble well-known ones.
