PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Delete These Android Crypto Apps Now: 20 Phishing Apps Found on Play Store

Cybersecurity researchers have found 20 malicious apps that snuck onto Google’s Play Store to try and drain people's funds from their wallets.

James Peckham
 & James Peckham Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
(Credit: Camilo Freedman/Bloomberg via Getty Images)

Researchers have found 20 Android apps designed to steal cryptocurrency by impersonating popular wallets and gaining access by faking services. If you have crypto, you should ensure you haven't downloaded any of these fake apps.

Experts at Cyble Research and Intelligence Labs (CRIL) found the apps on the Google Play Store, which have since been removed. Some of the apps had been downloaded hundreds of thousands of times, and if they're on your device, they'll remain there until you manually delete them.

The fake apps impersonate services Bulix Crypto, Harvest Finance blog, Hyperliquid, Meteora Exchange, OpenOcean Exchange, Pancake Swap, Raydium, Suiet Wallet, and SushiSwap. CRIL found multiple fake apps for some services.

If you use any of these crypto platforms, head to Cyble's full research report to see the specific Android package names to help you identify whether you downloaded a malicious version instead of the official app.

Those who installed the apps were redirected to a URL where they were asked for a 12-word phrase connected to their official wallet. With that phrase, the threat actor was sometimes able to take funds from the wallet.

Recommended by Our Editors

Man Behind $10 Billion Bitfinex Bitcoin Hack Released Early, Thanks Trump’s Crime Act
Man Behind $10 Billion Bitfinex Bitcoin Hack Released Early, Thanks Trump’s Crime Act
In a Rarity, Bitcoin Hobbyist Hits the Jackpot, Mines Entire Block Worth $270K
In a Rarity, Bitcoin Hobbyist Hits the Jackpot, Mines Entire Block Worth $270K
LimeWire Buys the Fyre Festival Name. Yes, There's a Crypto Angle
LimeWire Buys the Fyre Festival Name. Yes, There's a Crypto Angle

Cyble says the scammers used developer accounts that were already established with multiple apps on offer. Some of these were uploaded by accounts that previously offered Android games.

A spokesperson for Google told PCMag, “All of the identified malicious apps from this report have been removed from Google Play. Users are automatically protected by Google Play Protect, which can warn users or block apps known to exhibit malicious behavior on Android devices with Google Play Services.”

If you’ve downloaded one of these and you’re worried you’ve been tricked, you should find an alternative way to access your crypto wallet without using the fake app. Change your access information and report the potential of malicious access directly to the service.

If you remain concerned, you may also decide to take your funds from the account and put them in an alternative service to ensure your money is safe.

About Our Expert

James Peckham

James Peckham

Reporter

I’ve been a journalist for over a decade after getting my start in tech reporting back in 2013. I joined PCMag in 2025, where I cover the latest developments across the tech sphere, writing about the gadgets and services you use every day. Be sure to send me any tips you think PCMag would be interested in.

I’ve worked at TechRadar, Android Police, T3, and more, where I broke many tech stories you may have read, including the return of the Motorola Razr when it first became a foldable phone. Based near London, I’ve appeared on BBC News, Al Jazeera, and other TV networks, podcasts, and radio shows as an expert on the latest tech stories and trends.

Read the latest from James Peckham

Read full bio