Latest news with #CRIL
Hindustan Times
11-06-2025
- Hindustan Times
Crypto wallet users need to uninstall these apps on their phones right now
If you've installed any cryptocurrency wallet apps recently, it might be time to double-check. Cybersecurity researchers have uncovered a shocking new scam! Over 20 fake crypto wallet apps on the Google Play Store are stealing users' sensitive wallet data, putting digital assets worth thousands of dollars at risk. The report, released by Cyble Research and Intelligence Labs (CRIL), highlights how these apps managed to bypass Google's security checks and landed on the Play Store. They target users of well-known decentralised finance (DeFi) wallets such as SushiSwap, PancakeSwap, Hyperliquid, and Raydium. What makes this scam so dangerous? What makes this scam especially dangerous is its method. Once installed, these apps prompt users to enter their 12-word wallet recovery phrase, a secret key that gives complete access to one's crypto wallet. The moment a user enters this phrase, hackers gain control and can transfer out all funds instantly, leaving victims with nothing. How these apps work: Sneaky strategy, real damage The threat actors behind these apps are taking advantage of repurposed developer accounts. These are the accounts that were once used for legitimate apps like games or media tools. Since these accounts already had a good reputation, users were more likely to trust them. The malicious apps also mimic the design, interface, and even package names of genuine crypto wallet apps, making it hard to tell them apart. Adding to the deception, some apps embed phishing links within their privacy policies, further tricking unsuspecting users into handing over their wallet credentials. How to stay safe? If you use a crypto wallet, follow these steps to protect yourself immediately: List of dangerous apps on Google Play Store Package Name How to delete these dangerous apps? To remove these apps from your Android phone: Your crypto wallet is only as safe as the apps you trust. Act now, deleting these apps could save you from losing everything.
Tom's Guide
09-06-2025
- Tom's Guide
Delete these 20 apps right now if you downloaded them from the Play Store — they're malicious
If you've recently downloaded a crypto app from the Google Play Store, you should probably check this list from Cyble Research and Intelligence Labs (CRIL) just to be safe Cybersecurity researchers at CRIL recently found 20 malicious apps managed to infiltrate the Play Store in order to trick users by appearing to be legitimate wallet apps providing crypto services. PC Mag reports that the apps have since been removed from the Play Store, however, some of them were downloaded hundreds of thousands of times which many people could be at risk from having their digital funds drained by threat actors. Here is the full list of malicious apps found stealing cryptocurrency on the Play Store: While there are 20 malicious apps in this list overall, many of them use the same app name but have different package names. Regardless though, you're going to want to delete any app with one of the names listed above even if they have different developers. These fake apps will remain on a device until they are manually removed so the first step to ensuring that you are safe is to check and see if you have downloaded any of them by mistake. The threat actors created multiple fake apps for services like SushiSwap, Harvest Finance blog, Meteora Exchange, OpenOcean Exchange, Pancake Swap, Raydium, Bulix Crypto, Hyperliquid and Suiet Wallet. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. Users who installed the malicious apps were redirected to a URL that asked for the 12-word recovery phrase that is connected to their official crypto currency wallets. Using this phrase, a threat actor could remove the funds from these wallets. The attackers who developed these fake apps used developer accounts on the Play Store that were already established as legitimate and that had other non-malicious, clean apps on offer like Android games. This added legitimacy to the operation and was likely how they managed to slip past Google's defenses in the first place. Those who have been infected should find an alternate way to access the crypto wallet without using the fake app, then changing their access information and report the potentially malicious access directly to their crypto service. If you are still concerned, you can also remove your funds from the account and put them in an alternative service. In order to stay safe from malicious apps, you want to make sure that Google Play Protect is enabled on your smartphone. This free app comes pre-installed on all of the best Android phones and it can scan your existing apps as well as any new ones you download for malware. For extra protection though, you might also want to run one of the best Android antivirus apps alongside it. There's loads of money to be made from crypto for cybercriminals and fake apps are one of the easiest ways for them to gain a foothold on your smartphone. This is why you want to be extra careful when downloading new apps, though you also should limit the number of apps you have overall as even good apps can go bad.
News18
09-06-2025
- News18
Dangerous Android Apps Can Steal Your Data, Delete Them Right Away
Last Updated: Android apps are easy to target for the hackers and Google finds it hard to trace and filter them out from the Play Store. Android apps with dangerous intent often manage to bypass Google's strict security checks and once again you have a slew of apps targeting users looking to steal their money and data. More than 20 apps with malicious content have come through Google's check to get listed on the Play Store and users are being warned about their risks and told to delete them right away. Cryptocurrency apps have mushroomed in the last few years and many people get enticed with their supposed quick money policies. The bad actors are using their malicious apps disguised as wallet apps for the digital currency that people need to be careful about. These details have been shared by Cyble Research and Intelligence Labs (CRIL) that has discovered the malicious apps on the Play Store. The security firm claims that if any user has installed these dangerous apps, they could be prompted to enter the confidential 12-digit recovery key for the wallet, which allows the hackers to fully control their digital wallets and even transfer the money into their accounts without raising an alarm. These are some of the apps that have been used by the hackers to steal your data: These apps are listed on the Play Store and if you have installed any of these, we highly advise you to delete/uninstall them right away. Also, make sure you don't sign up to hand over important passwords and passkeys to access these accounts. You should also set up two-factor security so that people cannot isolate the account access. Google always suggests its users to install these apps from genuine sources like the Play Store and not click on links for apps from unknown senders. Incidents of data theft with crypto wallets have increased in recent times, and the CRIL security warning is a clear sign of how hackers are modifying their targets and mode of attacks. AI is another big tool that hackers are deploying to build sophisticated attacks but most people just need to be smart and careful about how and where they source these apps for their devices. First Published: June 09, 2025, 10:10 IST
