Over 20 Malicious Google Play Apps Steal Users’ Login Credentials

A major security alert has been issued for Android users after cybersecurity researchers uncovered more than 20 malicious applications on the Google Play Store designed to steal users’ login credentials, specifically targeting cryptocurrency wallet holders.

The campaign, identified by Cyble Research and Intelligence Labs (CRIL), reveals a sophisticated phishing operation that has already compromised the safety of countless users worldwide.

How the Scam Works

The malicious apps impersonate popular crypto wallets such as SushiSwap, PancakeSwap, Hyperliquid, and Raydium, among others.

Disguised as legitimate wallet tools, these apps prompt users to enter their sensitive 12-word mnemonic or recovery phrases—the critical keys granting access to their crypto funds.

Once entered, these credentials are transmitted to attackers, who can then drain the victims’ wallets, resulting in irreversible financial losses.

Researchers found that threat actors distributed these apps through compromised or ...