Crypto Phishing Applications On The Play Store
June 23, 2025, 11:13 p.m.
Description
An investigation uncovered more than 20 cryptocurrency phishing applications on the Google Play Store impersonating legitimate wallets like SushiSwap and PancakeSwap. These malicious apps employ phishing techniques to steal users' mnemonic phrases, allowing access to real wallets and theft of funds. The apps share common patterns, including embedded C&C URLs in privacy policies and similar package names. They are distributed through compromised developer accounts previously used for legitimate apps. Two main types were identified: those using the Median framework and those directly loading phishing URLs into WebViews. The campaign demonstrates a coordinated operation with a large-scale phishing infrastructure linked to over 50 domains.
Tags
Date
- Created: June 20, 2025, 7:25 p.m.
- Published: June 20, 2025, 7:25 p.m.
- Modified: June 23, 2025, 11:13 p.m.
Indicators
- 4b35a1ed93ab68f0401de34d4eb5dbb582465ee2a8428e16d0beac8bf87a09af
- 4aa3659c50616d21ef0bda1389cba1ad3fe768b9dd25eee09289ece97cd3623f
- 94.156.177.209
- walrusod.sbs
- sushijames.sbs
- sushiblogsite.site
- suiscanfl.sbs
- suivisionsl.sbs
- suietwz.sbs
- suietsiz.cz
- staratlas.sbs
- suietwallets.site
- solscanpv.ru
- raydiumblogs.site
- raydiumsm.sbs
- raydifloyd.cz
- raydi-commerce.cz
- pumpjake.sbs
- piwalletblog.blog
- pancakws.ru
- pancakefentfloyd.cz
- openoceansi.sbs
- meteorasp.ru
- meteorafloydoverdose.sbs
- meteorablog.site
- jumperblogs.site
- hyperliqw.sbs
- harvestfin.sbs
- cryptoknowledge.click
- cetusdi.sbs
- bullxni.sbs
- bubblemapsblogs.sbs
- bravebn.sbs
- bitunixflo.sbs
- aerodromesblogs.site
- aerodromeaz.sbs
Additional Informations
- Technology
- Finance