From time to time, we get reports about Android apps that have the potential to harm you and your phone, and we tell you to uninstall them to avoid being duped. Well, this is one of those times. Sources have discovered some apps that extract confidential information from users, so if you have them on your smartphone, you should uninstall them. Let’s take a look at which apps are affected and the details of this development.
Android malware: uninstall to avoid being duped
The cybersecurity firm Trend Micro Research has discovered two types of Android malware that specifically target users of bitcoin and finance apps. The first malware, known as CherryBlos, spreads through social media marketing and tricks users into downloading dangerous programs from phishing websites. Once installed, CherryBlos can steal crypto credentials and manipulate withdrawal addresses, leading to potential financial losses for users.
To avoid detection, CherryBlos uses a professional packer called Jiagubao, which has advanced protective features. It requests access rights from users and employs anti-kill measures, such as ignoring battery optimization and returning users to the home screen when they try to access the app’s settings. This is likely done to prevent the user from easily removing the malware. Four programs containing CherryBlos malware were found hosted on various websites.
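A defender-side triage for the persistence behaviour described above, as an added example that is not from Trend Micro or this article: it flags apps that are both exempt from battery optimization and hold an enabled accessibility service. It assumes the "access rights" mentioned are Android accessibility permissions and that the inputs have the format printed by `adb shell dumpsys deviceidle whitelist` and `adb shell settings get secure enabled_accessibility_services`; all package names and sample output are constructed.

```python
# Added example. Sample data is constructed, not captured from a device.
# On a real phone the two inputs would come from:
#   adb shell dumpsys deviceidle whitelist
#   adb shell settings get secure enabled_accessibility_services

SAMPLE_WHITELIST = """\
system-excidle,com.android.providers.downloads,10013
system,com.google.android.gms,10016
user,com.example.rewardshop,10231
user,com.example.podcasts,10198
"""
SAMPLE_A11Y = (
    "com.example.screenreader/.ReaderService:"
    "com.example.rewardshop/com.example.rewardshop.HelperService"
)


def battery_exempt_user_apps(whitelist_text):
    """Packages exempted from battery optimization after install ('user' rows)."""
    exempt = set()
    for line in whitelist_text.splitlines():
        parts = line.strip().split(",")
        # Expected row shape: <kind>,<package>,<uid>; skip anything else.
        if len(parts) == 3 and parts[0] == "user":
            exempt.add(parts[1])
    return exempt


def accessibility_packages(setting_value):
    """Package names from a colon-separated list of package/class components."""
    value = setting_value.strip()
    if value in ("", "null"):  # the setting prints 'null' when unset
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}


def triage(whitelist_text, a11y_value, trusted=frozenset()):
    """Apps holding both privileges, minus packages the analyst already trusts."""
    both = battery_exempt_user_apps(whitelist_text) & accessibility_packages(a11y_value)
    return sorted(both - set(trusted))


if __name__ == "__main__":
    for pkg in triage(SAMPLE_WHITELIST, SAMPLE_A11Y):
        print("review before keeping installed:", pkg)
```

A hit is a prompt for manual review, not proof of infection: legitimate assistive apps can hold both privileges.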
The attack technique used by CherryBlos involves presenting a fake interface when a user launches a legitimate app, which allows the malware to steal login credentials. The money withdrawn by the malware is then transferred to an address controlled by the attacker. The malware also uses OCR (Optical Character Recognition) to find suitable mnemonic phrases that may be used in cryptocurrency wallets.
The other set of applications discovered by Trend Micro Research is part of the FakeTrade campaign. These apps lure victims with promises of making money through referrals and top-ups but restrict users from withdrawing funds when they attempt to do so.
CherryBlos has been associated with these applications, which were previously available on Google Play in specific countries but have since been removed. Users who have installed any of the applications listed below are advised to uninstall them immediately.
- AMA
- BBShop
- Canyon
- Domo
- Envoy
- Fair
- FIRETOSS
- Gobuy
- GoDo
- Goshop
- Huge
- Koofire
- Leefire
- Moshop
- NtBuy
- Onefire
- Papaya
- Saya
- Smartz
- Upwork
- WebFx
- Youtech
In the future, it’s essential to download apps only from reputable sources and to read reviews to ensure they are safe and legitimate. Taking these precautions can help protect users from falling victim to such malware attacks.