Latest news with #Cyble
Metro
17 hours ago
- Metro
9 apps you should delete from your phone immediately
Hiyah Zaidi Published June 11, 2025 11:54am Link is copied Comments Experts have recommended people get rid of certain apps from their phone after a team of researchers uncovered a series of them which imitate the names or icons of legitimate ones. Many of us keep hundreds of apps on our phones and often forget about them shortly after they download – but that can make us vulnerable (Picture: Getty) Experts tend to urge people to download apps from official apps stores, such as the Apple's App Store or Google's Play Store. However, even that is not always guaranteed to keep you safe. A list, issued by cyber security software company Cyble, revealed that these fake digital crypto wallets apps open a phishing website or an in-app WebView once they have been installed and opened (Picture: Getty) The apps then request a mnemonic phrase which can be used to empty your crypto-wallet. The company found more than 20 apps target crypto users by impersonating 'popular wallets such as SushiSwap, PancakeSwap, Hyperliquid, and Raydium' which trick users into installs by using 'compromised or repurposed developer accounts'. Right now, they warn there are nine wallets that are being mimicked, but that list could grow as there are more than 20 apps currently identified (Picture: Getty) The apps you should delete immediately are:• Pancake Swap• Suiet Wallet• Hyperliquid• Raydium• BullX Crypto• OpenOcean Exchange• Meteora Exchange• SushiSwap• Harvest Finance Blog (Picture: Getty) Digital wallets have no safety net, so any losses can't be recovered. Therefore, it is important that you do not download any apps unless you are sure they are provided by the people behind the wallet, and you have linked to the app from the actual website. If you have any of these apps, its important to delete them (Picture: Getty) In the report, the team concluded: 'This campaign highlights a well-coordinated phishing operation targeting the rapidly growing user base of cryptocurrency wallets. By distributing over 20 counterfeit Android applications through the Google Play Store, the threat actors impersonate legitimate wallets such as PancakeSwap, SushiSwap, Raydium, and others to steal users' mnemonic phrases—the essential keys to accessing their digital assets. What makes this campaign particularly dangerous is the use of seemingly legitimate applications, hosted under previously benign or compromised developer accounts, combined with a large-scale phishing infrastructure linked to over 50 domains. This not only extends the campaign's reach but also lowers the likelihood of immediate detection by traditional defenses' (Picture: Getty) Cyble recommends that people download apps only from verified developers, and to look at reviews before downloading anything. They also stress that people should be using reputable antivirus and internet security software packages on your devices such as PCs, laptops and phones. As per, they recommend using multi-factor authentication, and for even more security try using biometric data where you can (Picture: Getty)
Daily Mail
2 days ago
- Daily Mail
Cybersecurity experts discover 20 apps skimming your digital wallet: 'Delete NOW'
Cybersecurity experts are warning that millions of people could be at risk of having their digital wallets emptied unless they delete several apps right away. A team at cybersecurity company Cyble has uncovered 20 apps that can trick people into handing over access of their cryptocurrency to hackers. The phony apps were found in the Google Play Store and impersonate trustworthy digital wallet apps available for download, using the same exact name or a close copy that could be easily overlooked. The fake apps include Pancake Swap, Suiet Wallet, Hyperliquid, Raydium, BullX Crypto, Meteora Exchange, Harvest Finance Blog, SushiSwap, and OpenOcean Exchange. These malicious apps also use identical or similar logos and designs to trick users into downloading them from the Google Play Store. Although the fake digital wallets use the same name as legitimate apps, people can tell if it's a phony by checking the developer name. The real PancakeSwap app will say that the developer is the PancakeSwap team, while the fake one that steals your money uses a developer 'package' that reads Cyble revealed that the other 11 apps that digital wallet users need to delete right away use variations of the app names for Suiet Wallet, Raydium, SushiSwap, Hyperliquid, BullX Crypto, and Harvest Finance blog, as well as different developer packages. Simply put, you may encounter multiple copies of the same SushiSwap app in the Google Play Store but only one of them is the real thing. Without checking the developer package and looking for other suspicious signs that the app is a fraud, you could download the wrong digital wallet and give a hacker a secret back door to your cryptocurrency. Key ways to spot a phony copy of a trust app include seeing a very low number of downloads. Normally, a popular app will have been downloaded thousands, if not millions, of times. A long list of positive reviews about the app on its Google Play Store page will also help prove that you've found the right one. Estimates show that more than 400 million people worldwide use cryptocurrency, including millions of Android owners. The fake apps are designed to trick users into entering their 12-word mnemonic phrase, a secret code used to access cryptocurrency wallets. Once entered, hackers can steal this phrase, gain access to your real wallet, and take your cryptocurrency, which can't be recovered once it's gone. Stolen cryptocurrency can't be returned because blockchain transactions are permanent, decentralized, and irreversible, giving users more anonymity than regular banking. The scheme could affect anyone who stores digital currencies like Bitcoin or Ethereum in one of these fraudulent wallets. Making the scam even harder to spot is the fact that researchers found the developer packages (or accounts) were at one time reputable app makers. 'These accounts were originally used to distribute legitimate apps, including gaming, video downloader, and live streaming applications, and some have amassed over 100,000 downloads,' the Cyble team wrote in their report. Hackers either compromised these accounts by stealing the login credentials of the original developers or repurposed them, meaning they bought or took over the accounts (legally or illegally) to use for their own purposes. Once in control of the app package, hackers used these trusted accounts to publish the 20 malicious cryptocurrency phishing apps, including the fake PancakeSwap and SushiSwap wallets. Since the accounts already had a history of being a legitimate service with high download numbers, the fake apps appeared to be almost as trustworthy as the real things in the Google Play Store. If you downloaded the fake wallet use your mnemonic phrase, hackers can access your actual cryptocurrency wallet on the blockchain, even if it's on a different app or device, since the phrase works universally for compatible wallets. The app itself is fake. It doesn't manage or store your crypto like a legitimate wallet. Instead, it's all a front to steal that security code. Once hackers have the phrase, they interact directly with the blockchain to move your real cryptocurrency to their wallets. To check if you've got the right app, go to your Android device's app settings or the Google Play Store to see if any of these apps (or their package names) are installed. Package names can be found in the Play Store under the app's details or in your device's app info. For iPhone users, Apple's App Store uses a stricter app review process. However, iPhone users aren't completely safe as similar phishing scams could target iOS through other means, like fake websites or unofficial app sources. Apple users can stay safe by sticking with downloads from the official App Store, avoid sideloading apps from unknown sources, and avoiding suspicious links in emails or texts asking for wallet details. Cyble Research and Intelligence Labs (CRIL) reported the fake apps to Google which has removed most of the apps, but some are still in the Play Store. 20 Malicious Digital Wallet Apps to Delete Immediately Pancake Swap - Package: Suiet Wallet - Package: Hyperliquid - Package: Raydium - Package: Hyperliquid - Package: BullX Crypto - Package: OpenOcean Exchange - Package: Suiet Wallet - Package: Meteora Exchange - Package: Raydium - Package: SushiSwap - Package: Raydium - Package: SushiSwap - Package: Hyperliquid - Package: Suiet Wallet - Package: BullX Crypto - Package: Harvest Finance blog - Package: Pancake Swap - Package: Hyperliquid - Package:
Irish Daily Mirror
2 days ago
- Irish Daily Mirror
Delete these nine apps from your smartphone now
In our technologically advancing world, we're all guilty of trusting the internet too much without considering what we might be giving up in return. This is where mobile applications come into play. Our smartphones are brimming with them, with nearly two million on Apple's App Store and almost three million on Google's Play Store - all readily available and easily accessible. It's often said that your average person has around 100 apps downloaded. Of course, there are the usual social media platforms like X/Twitter, Facebook and Reddit, then you have news apps like The Mirror US' very own app available on all devices, plus dating apps like Tinder, Bumble, games like Clash of Clans, and many more. We're constantly urged by all the big mobile and security companies to only download applications from the official stores, but it turns out even that isn't guaranteed to keep you 100 per cent safe. Researchers at Cyble have uncovered a range of apps that had fooled their way onto the Play Store by imitating the names or icons of legitimate digital wallets, reports the Mirror US. Once these apps are installed onto your mobile device, they open a phishing website or an in-app WebView where they request mnemonic phrases that can be used to completely empty your wallet. Cyble found more than 20 different apps targeting crypto wallet users by impersonating well-known wallets like SushiSwap, PancakeSwap, Hyperliquid and Raydium. A total of nine wallets are currently being cloned, sparking fears that this could escalate and impact even more individuals. The Mirror US advises deleting particular apps immediately if found on your smartphone – make sure Google's Play Protect is activated to keep your device secure. Cybersecurity firm Cyble cautions: "[These apps] employ phishing techniques to steal users' mnemonic phrases, which are then used to access real wallets and drain cryptocurrency funds." They add, "They have been progressively discovered over recent weeks, reflecting an ongoing and active campaign." All newly identified rogue apps are reported to Google, who is actively working to eradicate them from the PlayStore. The Mirror US has approached Google for an official statement on these security concerns and awaits their response.
Phone Arena
5 days ago
- Phone Arena
These apps tricked Google to list them in the Play Store and you must delete them from your phone
You might feel safe installing apps from the Play Store. After all, Google says that its Google Play Protect scans apps looking for apps that could come back to bite you in the, well, you know. Since you were a baby in your crib, your parents probably told you over and over again only to install apps from official app storefronts such as Apple's App Store and the Google Play Store. But you must have been disillusioned when, as a teen, you discovered that some apps managed to trick their way into the Play Store. -Cyble The mnemonic phrase is the "master key" of a digital wallet. With it, a cybercrook can gain access to all of the cryptocurrency and tokens associated with a digital wallet. Cyble came across apps that it says trick victims by giving these apps names similar to real popular wallets such as SushiSwap, PancakeSwap, Hyperliquid, and Raydium. One of the fake digital wallet apps that managed to get past Google and was listed in the Play Store. | Image credit-Cyble Developers involved in this scam were once known for distributing legitimate apps but have been compromised by criminals in order to make this scam work. If you have any of these nine apps installed on your phone, they must be deleted immediately: Pancake Swap Suite Wallet Hyperliquid Raydium BullX Crypto OpenOcean Exchange Meteora Exchange SushiSwap Harvest Finance Blog The apps use phishing techniques in order to try to get the mnemonic phrase from a victim for his legitimate digital wallet. These phishing emails or texts are designed to get the victim so worried that he/she did something wrong or is about to get ripped off that he gives away his mnemonic phrase; this results in the victim's digital wallet getting wiped out. Cyble has already given the above app names to Google. Most were already removed while the others have been "reported for takedown." But even if Google removes an app from the Play Store, if it is still installed in your phone, it can still cause havoc, especially for device owner. So even if you can't find these titles in the Play Store anymore, you still must uninstall any of these names if they show up on your phone.
Forbes
5 days ago
- Forbes
Delete Every App On Your Smartphone That's On This List
All these apps are dangerous You probably have at least 100 apps on your phone — likely more. And there's plenty of choice, almost 2 million apps on Apple's App Store and nearer 3 million on Google's Play Store. You're urged only to install apps from official stores, but sometimes even that doesn't keep you safe. So it is with a new list of apps you must delete right now. This list comes courtesy of Cyble, whose researchers discovered a raft of apps had tricked their way onto Play Store despite mimicking the names and icons of legitimate digital wallets. Once installed and opened, the apps open a phishing website or an in-app WebView, requesting the mnemonic phrases that can be used to empty the wallet. Cyble found more than 20 apps, 'targeting crypto wallet users' by impersonating 'popular wallets such as SushiSwap, PancakeSwap, Hyperliquid, and Raydium,' and tricking users into dangerous Play Store installs 'by using 'compromised or repurposed developer accounts.' The apps named after those targeted wallets are listed below. Fake wallets apps. There were multiple apps per targeted wallet, which is why there are only 9 app names to look for. All seem to come from different developers, but 'exhibit consistent patterns, such as embedding Command and Control (C&C) URLs within their privacy policies and using similar package names and descriptions.' Those developer accounts once distributed legitimate apps, but have been compromised for this malicious campaign. Cyble warns these apps 'employ phishing techniques to steal users' mnemonic phrases, which are then used to access real wallets and drain cryptocurrency funds.' The apps were not discovered all at once, but over recent weeks. And as they're reported they're being removed from Play Store. Check the list above and delete any on your phone. And also ensure that Google's Play Protect is always enabled on your phone. Fake wallets apps Cyble says 'these apps have been progressively discovered over recent weeks, reflecting an ongoing and active campaign,' and all were reported to Google. Most were already removed prior to publication, while the rest 'have been reported for takedown.' 'What makes this campaign particularly dangerous,' the researchers say, 'is the use of seemingly legitimate applications… combined with a large-scale phishing infrastructure linked to over 50 domains. This not only extends the campaign's reach but also lowers the likelihood of immediate detection by traditional defenses.' There's no safety net with digital wallets. Losses wont be recovered. Do not install apps unless you know they're provided by the entity behind the wallet itself and you've linked to the app from the actual website. If you have any of these apps, delete them.
