Crypto Phishing Applications On The Play Store
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
An investigation uncovered more than 20 cryptocurrency phishing applications on the Google Play Store impersonating legitimate wallets like SushiSwap and PancakeSwap. These malicious apps employ phishing techniques to steal users' mnemonic phrases, allowing access to real wallets and theft of funds. The apps share common patterns, including embedded C&C URLs in privacy policies and similar package names. They are distributed through compromised developer accounts previously used for legitimate apps. Two main types were identified: those using the Median framework and those directly loading phishing URLs into WebViews. The campaign demonstrates a coordinated operation with a large-scale phishing infrastructure linked to over 50 domains.
OPENCTI LABELS:
phishing, android, cryptocurrency, google play store, webview, mnemonic phrases, median framework, wallet impersonation