New malware threats target Android users on Google Play

Date:

spot_imgspot_img

Shillong, July 30: A recent report by cybersecurity software company Trend Micro has revealed the discovery of two new malware families on Google Play, named CherryBlos and FakeTrade.

These malicious apps are specifically designed to steal cryptocurrency credentials and funds, as well as conduct scams using optical character recognition (OCR).

Both malware families appear to be the work of the same threat actors, as they use the same network infrastructure and certificates. The distribution of these harmful apps is wide-ranging, with channels including social media, phishing websites, and even legitimate shopping apps on Google Play.

IANS reported that CherryBlos malware was initially spotted in April 2023, masquerading as APK files marketed as AI tools or cryptocurrency miners on platforms like Telegram, Twitter, and YouTube. The malicious APKs go by names such as GPTalk, Happy Miner, Robot999, and SynthNet.

Once the CherryBlos malware is downloaded (AndroidOS_CherryBlos.GCL), it gains the ability to steal cryptocurrency wallet-related credentials and manipulate victims’ withdrawal addresses. Additionally, the malware possesses an intriguing feature enabled through OCR. This feature allows CherryBlos to extract text from photos and images, which is then uploaded to the command-and-control (C&C) server at regular intervals.

The FakeTrade malware, on the other hand, was linked to a Google Play campaign involving 31 scam apps. These apps use the same C2 network infrastructure and certifications as the CherryBlos apps. The FakeTrade apps employ shopping themes and enticing money-making promises to deceive users into watching commercials, subscribing to premium services, or adding funds to their in-app wallets, all while preventing them from claiming the virtual rewards.

The discovery of these new malware families highlights the ongoing importance of vigilance and caution when downloading apps from Google Play or other sources. Android users must stay aware of potential threats and employ cybersecurity measures to protect their devices and sensitive information.

spot_imgspot_img

Related articles

Asha Bhosle praises PM Modi’s discipline and leadership on his 75th birthday

Mumbai, Sep 17: Legendary singer Asha Bhosle praised Prime Minister Narendra Modi for his discipline, dedication, and kind-hearted...

Patna HC orders Congress to remove AI video on PM Modi’s mother from social media

Patna, Sep 17: The Patna High Court on Wednesday expressed strong displeasure over the Bihar Congress' recent social...

Assam govt promoting skill development in Bodoland: CM Sarma

Guwahati, Sep 17: Assam Chief Minister Himanta Biswa Sarma on Wednesday highlighted the state government’s initiatives to promote...

‘A very happy birthday’, Shashi Tharoor greets PM Modi on his 75th birthday

Thiruvananthapuram, Sep 17: Four-time Congress MP from Thiruvananthapuram, Shashi Tharoor, on Wednesday extended birthday greetings to Prime Minister...