Security researchers at Cyble Research and Intelligence Labs (CRIL) have uncovered a widespread phishing campaign targeting Android users through 20 fake cryptocurrency apps that were openly available on the Google Play Store. These apps were carefully crafted to mimic well-known crypto platforms such as Binance, Trust Wallet, Metamask, Bitget, Coin98, Ledger, Phantom, KuCoin, and others.
According to Cyble’s June 2025 report, the malicious apps are part of a larger effort to steal login credentials, seed phrases, and private keys from unsuspecting users, enabling attackers to gain full control over their wallets.
How the Scam Works
The rogue applications use familiar branding, icons, and user interfaces to deceive users into believing they are interacting with legitimate crypto apps. Once installed, the app typically presents:
- A fake login screen
- A prompt to import a seed phrase or private key
- Interface elements that mimic real apps, but transmit data to a command-and-control (C2) server
Cyble notes that the malware authors often registered their apps under names similar to official ones, with only minor variations, to evade detection during casual searches or ad-based downloads.
Technical Findings
- The malicious apps are coded to bypass Google Play Protect and may remain live for days before being removed.
- Some variants fetch phishing templates dynamically after installation.
- Stolen data includes seed phrases, private keys, user credentials, and device identifiers.
What Users Should Do
If you've recently downloaded any crypto-related Android app not from a verified source, take the following actions:
- Delete the app immediately
- Scan your device using a reputable mobile security tool
- Reset your wallet credentials and transfer your funds to a new wallet
- Report the app to Google Play
Even if the app appears functional, it may be harvesting data in the background.
How to Stay Safe
- Only download apps from official sources with verified publisher identities
- Check the number of downloads, user reviews, and update history
- Never enter your seed phrase or private key into a mobile app unless fully trusted
- Use hardware wallets when possible for higher protection
Source
Full report: Cyble – Crypto Phishing Applications on the Play Store
