- Fake Google Play pages spread malware that mines crypto using XMRig on infected Android devices.
- Malware targets Binance and Trust Wallet, replacing wallet addresses during USDT transfers.
- Google flags DarkSword exploit on iOS enabling Ghostblade malware to extract wallet data.
Cybersecurity researchers have identified a new wave of mobile threats targeting cryptocurrency users through fake app distribution channels. Reports indicate that attackers are creating imitation Google Play pages to spread malicious Android applications.
These apps are designed to mine cryptocurrency, steal sensitive data, and interfere with digital asset transactions. The activity has been observed in Brazil, where users have been affected by multiple malware variants.
Fake App Stores Used to Distribute Malware
Security analysts report that attackers are building fake versions of the Google Play Store.
Attackers design these pages to mimic official platforms, making it hard for users to spot the difference. Once users download apps from these sources, the malware installs itself on their devices.
Hackers in Brazil have been using a fake Google Play Store to hijack mobile phones for cryptocurrency mining and steal #USDT. 🚨 A new #cybersecurity warning has emerged from Brazil as hackers deploy sophisticated tactics to spread #Android malware. According to recent reports,…
— WATCHTOWER (@news_24_365) March 22, 2026
The malicious applications operate in the background and begin executing hidden processes. In many cases, users remain unaware that their devices have been compromised.
The apps are distributed through links shared across various online channels.
Researchers noted that these fake pages are part of a broader strategy to bypass official app store protections. By imitating trusted platforms, attackers increase the chances of successful downloads.
Malware Turns Devices Into Crypto Mining Tools
Once installed, the malware activates cryptocurrency mining software on the infected device. Reports indicate that some variants use XMRig to mine digital assets. This process consumes device resources such as processing power and battery life.
SecureList: Hackers are using fake Google Play pages to spread Android malware in Brazil that turns phones into crypto mining devices (via XMRig) and installs banking Trojans. Some variants target Binance and Trust Wallet, replacing wallet addresses during USDT transfers and… pic.twitter.com/orFCVB86pz
— Wu Blockchain (@WuBlockchain) March 22, 2026
The mining activity runs continuously in the background, which can cause devices to slow down or overheat. Users may notice reduced performance, but the source of the issue is not always clear.
In addition to mining, the malware can install other harmful components. These include programs that allow attackers to control the device remotely and access stored data.
Wallet Attacks Target USDT Transfers and Apps
The malware also targets cryptocurrency wallets and financial applications. Reports indicate that some variants focus on platforms such as Binance and Trust Wallet. These apps are commonly used for digital asset transactions.
During USDT transfers, the malware can overlay fake interfaces on top of legitimate apps. This allows attackers to replace wallet addresses without the user noticing. Funds may then be redirected to attacker-controlled accounts.
Researchers describe this method as a form of transaction manipulation. The process occurs in real time, making it difficult for users to detect before completing a transfer.
iOS Exploit and Broader Threat Landscape
In addition to Android threats, security teams have identified activity targeting iOS devices. Google’s threat analysis group identified a tool called DarkSword that deploys Ghostblade malware. This software extracts wallet data directly from compromised devices.
The presence of threats across both major mobile platforms highlights the evolving nature of cyberattacks. Attackers are using multiple methods to target cryptocurrency users and gain access to digital assets.
Security experts advise users to download applications only from verified sources and to keep devices updated. Monitoring unusual device behavior and reviewing transaction details can also help reduce exposure to these threats.
As mobile usage continues to grow, the security of digital assets remains a focus for both users and developers. Ongoing research and awareness are key factors in addressing these types of attacks.
The post Fake Google Play Apps Hijack Crypto Wallets and Mine Coins appeared first on Live Bitcoin News.
