
Both the Apple App Store and Google Play Store are frequently found to host malicious applications, despite the implementation of automated security checks by Apple and Google. These measures, while robust, cannot guarantee the absolute safety of every app available on their platforms.
A recent example involves phishing apps targeting cryptocurrency users that successfully bypassed Google Play Store’s review process and were made publicly available. Upon downloading these malicious or counterfeit applications, users are prompted to enter their wallet seed phrases or recovery keys.
Should a user unwittingly submit their recovery credentials, their entire cryptocurrency holdings can be drained instantly. This serves as a timely reminder: under no circumstances should you ever enter your wallet’s seed phrase or recovery key—doing so is tantamount to handing your digital assets over to someone else.
These malicious apps were uncovered by the Research and Intelligence Labs at cybersecurity firm Cyble. Investigators discovered that attackers are leveraging a tool known as the Median framework to orchestrate large-scale phishing campaigns.
The Median framework allows for the rapid conversion of phishing websites into Android applications. Using this method, attackers embed fake websites directly into the app, loading them via WebView. When a user launches such an app, the phishing site is immediately displayed, prompting them to input sensitive wallet information.
These counterfeit websites are visually indistinguishable from legitimate ones. For instance, a fake PancakeSwap site mimics the original interface so convincingly that users who overlook the URL or access the page through the app’s built-in browser are unlikely to detect the deception.
Notably, among the 22 malicious applications identified, some were published under developer accounts that were not newly registered. In fact, several had previously been used to distribute legitimate apps or games, making it extremely difficult for researchers to trace the attackers’ true identities through the developer credentials.
This suggests that the attackers obtained dormant or inactive developer accounts, either by purchasing them through underground channels or by hijacking them, and that such accounts are then rented or sold to threat actors for distributing malicious software.
While the majority of these harmful apps have since been removed from the Play Store following reports by researchers, a few remain accessible. Google is now using its Play Protect mechanism to scan installed apps for malicious behavior. If a user receives a security alert from Google, it is a clear indication that their device has been compromised.