Overview

• Cyble researchers discovered more than 20 fake cryptocurrency wallet apps impersonating platforms such as PancakeSwap and SushiSwap on Google Play.
• Malicious apps uploaded via hacked developer accounts loaded phishing interfaces to steal users’ 12-word recovery phrases and drain real wallets.
• Google confirmed that all identified threats have been removed and that Google Play Protect now blocks or warns against these apps.
• The campaign involves over 50 fake domains and repurposed developer accounts, reflecting a coordinated racket that continues to surface new malicious apps.
• Experts advise downloading wallet apps only from verified sources, checking developer names and reviews, and never entering recovery phrases into untrusted apps.