“What makes this campaign particularly dangerous is the use of seemingly legitimate applications… combined with a large-scale phishing infrastructure linked to over 50 domains. This not only extends the campaign’s reach but also lowers the likelihood of immediate detection by traditional defenses.”
-Cyble
The mnemonic phrase is the “master key” of a digital wallet. With it, a cybercrook can gain access to all of the cryptocurrency and tokens associated with a digital wallet. Cyble came across apps that it says trick victims by giving these apps names similar to real popular wallets such as SushiSwap, PancakeSwap, Hyperliquid, and Raydium.
Developers involved in this scam were once known for distributing legitimate apps but have been compromised by criminals in order to make this scam work. If you have any of these nine apps installed on your phone, they must be deleted immediately:
- Pancake Swap
- Suite Wallet
- Hyperliquid
- Raydium
- BullX Crypto
- OpenOcean Exchange
- Meteora Exchange
- SushiSwap
- Harvest Finance Blog
The apps use phishing techniques in order to try to get the mnemonic phrase from a victim for his legitimate digital wallet. These phishing emails or texts are designed to get the victim so worried that he/she did something wrong or is about to get ripped off that he gives away his mnemonic phrase; this results in the victim’s digital wallet getting wiped out.
Cyble has already given the above app names to Google. Most were already removed while the others have been “reported for takedown.” But even if Google removes an app from the Play Store, if it is still installed in your phone, it can still cause havoc, especially for device owner. So even if you can’t find these titles in the Play Store anymore, you still must uninstall any of these names if they show up on your phone.
