Fake Binance Mobile App Stealing Exchange Credentials and 2FA Codes
Counterfeit Binance applications distributed via phishing sites, third-party APK sources, and search ads capture login credentials and intercept two-factor codes in real time, handing attackers instant access to exchange accounts and cryptocurrency balances.
Part of: Fake App Downloads
Last reviewed: 8 June 2026
Binance's official mobile app is used by tens of millions of traders worldwide. That popularity makes it one of the most frequently impersonated applications in the Android APK ecosystem, where attackers post convincing fakes that copy Binance's branding, interface and apparent functionality but talk to the attacker's servers rather than to Binance.
Fake Binance apps are pushed mainly through phishing emails that invite users to download a 'security update', through search ads that mimic the official download experience, and through social-media posts in trading communities promoting 'enhanced' or 'unrestricted' builds. Android users are the main target because an APK can be sideloaded: installing from outside Google Play skips the store's review process, and the user has to switch off a protection ('Install from unknown sources') to do it.
Once installed, the fake app captures the credentials typed at login and can then show a counterfeit OTP entry screen at the very moment the attacker is using those credentials to log in to the real Binance platform, so that whatever code the victim types is forwarded while it is still valid. This is a classic real-time phishing relay.
How this scam works on the Binance brand
The genuine Binance app is published on the Google Play Store and Apple App Store by Binance Inc., and Binance's own download page at binance.com links to those listings (it also hosts an Android APK of its own for regions where Google Play is unavailable). Binance does not send APKs by email, and it does not distribute them through third-party download sites or ad-driven landing pages.
A real-time credential relay works like this. The victim installs the fake app and enters their email or username and password. The app forwards them straight to the attacker's server, which at the same moment submits them to the real Binance login. Binance's real system responds by asking for a 2FA code, so the fake app now shows the victim a 2FA prompt of its own. The code the victim types is forwarded to the attacker, who submits it on the real site inside the code's validity window (a TOTP code is valid for one 30-second time step, and servers usually tolerate a step of drift either side). The attacker ends up with a fully authenticated session on the real platform, while the victim sees either a 'successful' login to a counterfeit interface or a vague error.
With that session, the attacker can view balances, initiate withdrawals (to any address if the withdrawal address whitelist is switched off), or create API keys for ongoing access that survives the victim logging out.
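The relay described above, and the reason an origin-bound second factor (a FIDO2 security key or passkey) does not fall to it, as an added in-process simulation. This is not Binance's code and not a real client or server: the exchange, the fake app, the attacker and the victim's authenticator are all simulated with constructed secrets, no network traffic occurs, and the "signature" is an HMAC standing in for a FIDO2 key-pair signature (an assumption made to keep the example dependency-free). The fake-app origin is hypothetical.

```python
"""Simulated real-time credential relay: TOTP is relayable, an
origin-bound assertion is not. Constructed example, not Binance code."""
import hashlib
import hmac
import secrets
import struct

REAL_ORIGIN = "https://www.binance.com"                   # real relying party
FAKE_ORIGIN = "https://binance-security-update.example"   # hypothetical fake app


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (SHA-1, 30 s step), as an authenticator app computes it."""
    counter = int(at // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % (10 ** digits):0{digits}d}"


def authenticator_sign(key_secret: bytes, challenge: bytes, origin: str) -> bytes:
    """What the victim's security key does: it signs the server challenge
    together with the origin it is actually talking to. HMAC stands in for
    the real public-key signature here (assumption)."""
    return hmac.new(key_secret, challenge + origin.encode(), hashlib.sha256).digest()


class Exchange:
    """Simulated exchange login backend holding the victim's enrolled secrets."""

    def __init__(self, password: str, totp_secret: bytes, key_secret: bytes):
        self._password = password
        self._totp_secret = totp_secret
        self._key_secret = key_secret
        self.sessions = 0   # number of authenticated sessions opened

    def login_totp(self, password: str, code: str, now: float) -> bool:
        if password != self._password:
            return False
        for drift in (0, 30):   # accept current and previous step, as servers do
            if hmac.compare_digest(code, totp(self._totp_secret, now - drift)):
                self.sessions += 1
                return True
        return False

    def challenge(self) -> bytes:
        return secrets.token_bytes(32)

    def login_key(self, password: str, challenge: bytes, assertion: bytes) -> bool:
        # The server checks the assertion against ITS OWN origin, nothing else.
        expected = authenticator_sign(self._key_secret, challenge, REAL_ORIGIN)
        if password == self._password and hmac.compare_digest(assertion, expected):
            self.sessions += 1
            return True
        return False


def relay_totp(ex: Exchange, victim_password: str, victim_totp_secret: bytes,
               now: float, relay_delay: float = 5.0) -> bool:
    """Fake app vs TOTP: everything the victim types is a bearer value, so
    forwarding it inside the 30 s window is enough."""
    captured_password = victim_password              # fake login form
    captured_code = totp(victim_totp_secret, now)    # fake 2FA screen
    return ex.login_totp(captured_password, captured_code, now + relay_delay)


def relay_key(ex: Exchange, victim_password: str, victim_key_secret: bytes) -> bool:
    """Fake app vs security key: the attacker relays a genuine challenge, but
    the authenticator binds its answer to the fake app's origin."""
    captured_password = victim_password
    challenge = ex.challenge()                       # real challenge, passed through
    assertion = authenticator_sign(victim_key_secret, challenge, FAKE_ORIGIN)
    return ex.login_key(captured_password, challenge, assertion)


def demo() -> dict:
    """Run both relays against one simulated account with constructed secrets."""
    password = "correct horse battery staple"        # constructed
    totp_secret = b"constructed-totp-seed-0123456789"
    key_secret = b"constructed-security-key-seed"
    ex = Exchange(password, totp_secret, key_secret)
    now = 1_700_000_000.0
    return {
        "totp_relayed": relay_totp(ex, password, totp_secret, now),
        "totp_too_slow": relay_totp(ex, password, totp_secret, now, relay_delay=120),
        "key_relayed": relay_key(ex, password, key_secret),
        "sessions_opened": ex.sessions,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the two outcomes: a TOTP or SMS code is a value the victim can read and type, so any screen that asks for it can forward it; a security key never exposes a typeable value and signs over the origin it sees, so the only assertion the fake app can obtain is one the real site rejects.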
Common red flags
- You were directed to download the Binance app from an email link, social media, or a website other than the official app stores
- The APK installation requires you to enable 'Install from unknown sources'
- After entering your credentials, the app appears to reload or shows a brief error before working
- The app requests SMS permissions (READ_SMS or RECEIVE_SMS) or permission to draw over other apps, which a genuine exchange app does not need: the first lets it harvest SMS codes, the second lets it overlay a fake 2FA screen
- The file size or version number of the APK you downloaded differs noticeably from the official store listing's
- The app's publisher in the store is not listed as 'Binance Inc.' exactly
How to protect yourself
- Download Binance only from the Google Play Store or Apple App Store, verifying the publisher is 'Binance Inc.'; if you must use the direct Android APK that Binance offers for regions without Google Play, fetch it only from the download page on binance.com after checking the domain in your browser
- Never enable 'Install from unknown sources' for a financial application obtained from any other source, and switch it off again as soon as a sideload is done
- Use Binance's anti-phishing code so genuine Binance emails include a recognisable phrase
- Use authenticator-app 2FA rather than SMS codes, and where your account offers it add a FIDO2 security key or passkey: any code you can type (SMS or authenticator) can be relayed by a fake app in real time, whereas a security key signs for the real binance.com origin and its response is useless when obtained through a counterfeit app
- Enable Binance's withdrawal whitelist so attackers cannot immediately transfer funds even with account access
- Log out of Binance when not actively trading and review recent login activity in Security settings
How to report it
- Report the fake app or phishing URL to Binance's security team at binance.com/en/support
- Report the APK distribution site to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_phish/
- Report the fake app to the Google Play Store or Apple App Store abuse team
- File a report with the FTC at reportfraud.ftc.gov
- Report to IC3.gov (US) or Action Fraud 0300 123 2040 (UK)
Frequently asked questions
What is a 'real-time credential relay' and how does it defeat 2FA?
A real-time relay forwards the credentials you enter to an attacker who uses them on the real Binance site at the same moment. When Binance asks for the 2FA code, the fake app prompts you for it and passes it on before it expires, so the attacker's login completes in the same window in which you believe you are logging in normally. This works against any second factor that is a code you read and type (SMS and authenticator apps alike); it does not work against a FIDO2 security key or passkey, whose response is bound to the genuine origin and cannot be replayed from a fake app.
How do I verify the Binance app I have is genuine?
Open the Google Play Store or Apple App Store, search for Binance, and confirm the publisher is 'Binance Inc.' with millions of reviews. On Android you can also compare the app's package name (com.binance.dev) with the genuine package name listed on Binance's official download page, but treat a matching name as necessary rather than sufficient: a sideloaded APK can declare any package name it likes. The signing certificate is the part that cannot be forged, so for a downloaded APK also check its signer (for example with the Android SDK's `apksigner verify --print-certs`) against the app installed from the store.
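An offline triage of a downloaded APK's manifest summary, covering the red flags listed earlier (foreign package name, SMS and overlay permissions) and the verification question above, as an added example. This is not Binance's tooling. It parses the text that the Android SDK's `aapt dump badging <file.apk>` prints; run that on the downloaded file and feed the output in. The sample output embedded below is constructed to resemble a counterfeit and does not come from any real APK; the expected package name is the one this page gives for the genuine app.

```python
"""Triage `aapt dump badging` output for signs of a counterfeit exchange app.
Constructed example, not Binance tooling."""
import re

EXPECTED_PACKAGE = "com.binance.dev"   # genuine Android package name per Binance's download page

# Permissions that let an app intercept codes or overlay its own screens;
# an exchange app needs none of them.
SUSPICIOUS_PERMISSIONS = {
    "android.permission.READ_SMS": "read SMS (harvest SMS OTP codes)",
    "android.permission.RECEIVE_SMS": "receive SMS (intercept OTP codes as they arrive)",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other apps (fake 2FA overlay)",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install further APKs (second-stage payload)",
}

# Constructed sample in the format `aapt dump badging` prints; not a real APK.
SAMPLE_BADGING = """\
package: name='com.binance.secure.update' versionCode='3' versionName='2.91.1'
sdkVersion:'24'
targetSdkVersion:'33'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.SYSTEM_ALERT_WINDOW'
application-label:'Binance'
launchable-activity: name='com.binance.secure.update.MainActivity'  label='Binance' icon=''
"""

# A constructed clean sample, for contrast.
CLEAN_BADGING = """\
package: name='com.binance.dev' versionCode='1' versionName='1.0.0'
uses-permission: name='android.permission.INTERNET'
application-label:'Binance'
"""


def parse_badging(text: str) -> dict:
    """Extract package name, displayed label and requested permissions."""
    pkg = re.search(r"^package: name='([^']+)'", text, re.M)
    label = re.search(r"^application-label:'([^']*)'", text, re.M)
    perms = re.findall(r"^uses-permission: name='([^']+)'", text, re.M)
    return {
        "package": pkg.group(1) if pkg else None,
        "label": label.group(1) if label else None,
        "permissions": perms,
    }


def triage(badging_text: str, expected_package: str = EXPECTED_PACKAGE) -> list:
    """Return findings for a badging dump; an empty list means nothing looked wrong.

    What this does NOT prove: a sideloaded APK can declare any package name,
    so a matching name is necessary but not sufficient. The signing certificate
    is the unforgeable part; compare `apksigner verify --print-certs` output
    against the genuine app before trusting a file that passes here.
    """
    info = parse_badging(badging_text)
    findings = []
    if info["package"] != expected_package:
        findings.append(f"package name {info['package']!r} is not {expected_package!r}")
        if info["label"] == "Binance":
            findings.append("uses the Binance label on a foreign package name (brand impersonation)")
    for perm in info["permissions"]:
        if perm in SUSPICIOUS_PERMISSIONS:
            findings.append(f"requests {perm}: {SUSPICIOUS_PERMISSIONS[perm]}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_BADGING):
        print("FLAG:", finding)
    print("clean sample findings:", triage(CLEAN_BADGING))
```

Usage: save the badging output to a file and call `triage(open(path).read())`; every line it returns is a reason not to install. An empty result only clears the manifest-level checks, which is why the docstring insists on the signer comparison as the final step.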
Does sideloading APKs always mean the app is malicious?
Not always — some legitimate apps require sideloading. But financial applications should only be installed from official store listings. The risk of a malicious fake is too high to justify installing a Binance-branded APK from any unofficial source.