A new malware, Android Malware CherryBlos, employs optical character recognition (OCR) techniques to pilfer sensitive data stored in images (OCR-Powered Data Theft).
Disguised in fake social media posts, CherryBlos has the ability to steal cryptocurrency wallet credentials and manipulate clipboard data.
Key Takeaways to Android Malware CherryBlos:
Table of Contents
- CherryBlos employs OCR to extract sensitive data from images on Android devices.
- The malware is capable of altering clipboard data, potentially leading to fraudulent transactions.
- Users must remain cautious and vigilant when downloading apps from unverified sources to avoid falling victim to CherryBlos.
CherryBlos: The OCR-Powered Android Malware
CherryBlos, the recently identified Android malware, raises concerns with its sophisticated use of optical character recognition (OCR) technology.
This innovative approach allows the malware to access and steal sensitive information from images stored on the targeted device.
Advanced Capabilities of CherryBlos
Once installed on an Android device, CherryBlos gains users’ permissions, enabling it to automatically grant itself additional access. To avoid detection and removal, the app redirects users to the home screen when they attempt to uninstall it or access the settings.
OCR for Stealing Cryptocurrency Wallets
CherryBlos targets cryptocurrency wallets by displaying fake overlays on legitimate wallet apps, luring victims to enter their credentials. Additionally, the malware leverages OCR to identify mnemonic phrases from images on the device.
The stolen data is then periodically sent to a remote server controlled by the attackers.
Synthnet App and Overlaps with FakeTrade Scam
Trend Micro has discovered a related app, Synthnet, developed by the same threat actors. Although Synthnet does not contain malware, its association with CherryBlos raises concerns.
Moreover, the attackers are linked to the FakeTrade scam, featuring 31 apps on the Google Play Store that deceive users seeking income opportunities through referrals and top-ups.
Global Impact and Vigilance Against Malware
The CherryBlos campaign primarily targets Android users in countries like Malaysia, Vietnam, Indonesia, the Philippines, Uganda, and Mexico.
As the threat landscape evolves, malware authors continue to devise new tactics to exploit victims and extract sensitive data.
SpyHide Surveillance App: A Global Menace
In addition to CherryBlos, a surveillance app called SpyHide has been stealthily collecting private phone data from thousands of Android devices worldwide since 2016. Such apps pose significant threats to personal privacy and security.
Vigilance is Key: Protecting Against Malware
Users must exercise caution and remain vigilant when downloading apps from unverified sources. Verifying developer information and scrutinizing app reviews can help mitigate potential risks.
Google’s Efforts to Enhance User Trust
To combat malicious apps, Google announced a change requiring new developer accounts registering as an organization to provide a valid D-U-N-S number assigned by Dun & Bradstreet before submitting apps.
This initiative aims to enhance user trust and safeguard against bogus developer accounts distributing malware.
Conclusion
With the emergence of CherryBlos and other sophisticated malware threats, users must stay proactive in protecting their devices and personal data. Implementing cautionary measures and staying informed about potential risks are crucial steps toward ensuring a safe digital environment.
About Trend Micro
Trend Micro is a leading cybersecurity company dedicated to protecting individuals and businesses from digital threats. Their research and expertise play a crucial role in combatting evolving cyber threats, contributing to a safer digital world for users worldwide.
