Delete Every App On Your Smartphone That’s On This List

You probably have at least 100 apps on your phone — likely more. And there’s plenty of choice, almost 2 million apps on Apple’s App Store and nearer 3 million on Google’s Play Store. You’re urged only to install apps from official stores, but sometimes even that doesn’t keep you safe. So it is with a new list of apps you must delete right now.

ForbesMicrosoft Issues Critical Update For Windows Users—Do Not Delete ThisBy Zak Doffman

This list comes courtesy of Cyble, whose researchers discovered a raft of apps had tricked their way onto Play Store despite mimicking the names and icons of legitimate digital wallets. Once installed and opened, the apps open a phishing website or an in-app WebView, requesting the mnemonic phrases that can be used to empty the wallet.

Cyble found more than 20 apps, “targeting crypto wallet users” by impersonating “popular wallets such as SushiSwap, PancakeSwap, Hyperliquid, and Raydium,” and tricking users into dangerous Play Store installs “by using “compromised or repurposed developer accounts.” The apps named after those targeted wallets are listed below.

There were multiple apps per targeted wallet, which come from different developers, but “exhibit consistent patterns, such as embedding Command and Control (C&C) URLs within their privacy policies and using similar package names and descriptions.” Those developer accounts once distributed legit apps, but have now been compromised.

1. Pancake Swap
2. Suiet Wallet
3. Hyperliquid
4. Raydium
5. BullX Crypto
6. OpenOcean Exchange
7. Meteora Exchange
8. SushiSwap
9. Harvest Finance Blog

Cyble warns these apps “employ phishing techniques to steal users’ mnemonic phrases, which are then used to access real wallets and drain cryptocurrency funds.” The apps were not discovered all at once, but over recent weeks. And as they’re reported they’re being removed from Play Store. Check the list above and delete any on your phone. And also ensure that Google’s Play Protect is always enabled on your phone.

Cyble says “these apps have been progressively discovered over recent weeks, reflecting an ongoing and active campaign,” and all were reported to Google. Most were already removed prior to publication, while the rest “have been reported for takedown.”

“What makes this campaign particularly dangerous,” the researchers say, “is the use of seemingly legitimate applications… combined with a large-scale phishing infrastructure linked to over 50 domains. This not only extends the campaign’s reach but also lowers the likelihood of immediate detection by traditional defenses.”

ForbesNew Chrome, Edge Warning—Update Browser By June 26 DeadlineBy Zak Doffman

There’s no safety net with digital wallets. Losses wont be recovered. Do not install apps unless you know they’re provided by the entity behind the wallet itself and you’ve linked to the app from the actual website. If you have any of these apps, delete them.