Cybersecurity experts urge smartphone users to delete specific apps found on the Play Store after a phishing campaign targeting crypto wallets was uncovered. Here's the full list and what you need to know.

Alarming Surge in Malicious Apps Triggers Urgent Warning

Delete All Apps from Your Phone That Appear on This Dangerous List—that’s the stern advice from cybersecurity firm Cyble, which has uncovered a disturbing trend. A wave of malicious applications, some disguised as legitimate crypto wallet tools, have infiltrated the Google Play Store, putting millions of users at risk.

With nearly 3 million apps on the Play Store and 2 million on Apple’s App Store, most users trust these platforms to offer safe downloads. However, Cyble’s recent investigation shows that official stores are no longer a guarantee of protection.

Phishing Campaign Targets Crypto Users


The core of this threat lies in a sophisticated phishing campaign that exploits the trust users place in mobile applications. More than 20 malicious apps were identified, each designed to mimic genuine cryptocurrency wallet tools. Once installed, these apps launch a built-in WebView or phishing interface, prompting users to enter private wallet credentials—effectively handing cybercriminals the keys to their crypto assets.

According to Cyble, these apps weren’t flagged all at once. Instead, they were discovered gradually over the past few weeks. The dangerous software was swiftly removed by Google upon discovery, but not before potentially compromising thousands of devices.

Delete All Apps from Your Phone Listed Below


If any of the following apps are currently installed on your device, cybersecurity experts strongly recommend removing them immediately:

  • Pancake Swap

  • Suiet Wallet

  • Hyperliquid

  • Raydium

  • BullX

  • Crypto

  • OpenOcean

  • Exchange

  • Meteora Exchange

  • SushiSwap

  • Harvest

  • Finance Blog

These apps, though listed under different developers, share alarming similarities. Many link to Command and Control (C&C) servers in their privacy policies and use nearly identical package names and descriptions. Cyble notes that the developer accounts involved previously published legitimate apps but appear to have been hijacked for malicious intent.

Sophistication and Scope Raise Red Flags


"What makes this campaign particularly dangerous is the use of applications that look legitimate combined with a large phishing infrastructure connected to more than 50 domains," Cyble researchers explained. "This not only expands the reach of the campaign but also reduces the possibility of rapid detection by traditional defenses."

The hackers' ability to replicate trustworthy app features and distribute them through the Play Store illustrates a significant leap in cyberattack complexity. This evolution calls for greater user vigilance.

Protecting Yourself: Enable Google Play Protect


To shield yourself from similar threats in the future:

  • Delete all apps from your phone that appear in the above list.

  • Ensure Google Play Protect is enabled to scan for threats in real-time.

  • Avoid downloading apps from unofficial sources.

  • Regularly audit your installed apps and app permissions.

With the cryptocurrency space increasingly becoming a target for cybercriminals, mobile security must remain a top priority. Cyble’s findings are a stark reminder: even apps downloaded from trusted sources can pose serious risks.