New Android Malware Steals Sensitive Data


A new Android malware called CherryBlos has been discovered, and it’s using clever techniques to steal sensitive data from users’ devices. This malware spreads through fake posts on social media platforms. Once installed, it can steal credentials related to cryptocurrency wallets and act as a “clipper,” replacing wallet addresses copied to the clipboard.

CherryBlos is quite cunning in evading detection and removal. It tricks users by asking for accessibility permissions, and then it grants itself additional permissions without their knowledge. If someone tries to uninstall the app from the Settings, it cleverly redirects them back to the home screen.

To steal even more information, CherryBlos overlays fake screens on top of legitimate crypto wallet apps, tricking users into entering their credentials. But what sets this malware apart is its use of optical character recognition (OCR). It scans images and photos stored on the device, looking for wallet recovery phrases. These phrases are periodically sent to a remote server, giving the attackers access to the victim’s sensitive information.

The success of CherryBlos depends on users’ habits of taking screenshots of their wallet recovery phrases. This can inadvertently expose them to this type of attack.
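As an added example (not from the original article or from Trend Micro's analysis), this Python check triages an app manifest for the combination of capabilities described above: an accessibility service together with overlay or stored-image access. It assumes the manifest has already been decoded to text XML (for example with apktool); the sample manifests, package names and service names are constructed, and the combination is a review heuristic, not a CherryBlos signature.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
IMAGE_READ = {"android.permission.READ_EXTERNAL_STORAGE",
              "android.permission.READ_MEDIA_IMAGES"}

def triage_manifest(xml_text):
    """List the capabilities from the article that this manifest declares."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    a11y = [s.get(ANDROID + "name", "?") for s in root.iter("service")
            if s.get(ANDROID + "permission") == A11Y_BIND]
    findings = []
    if a11y:
        findings.append("accessibility service: " + ", ".join(a11y))
    if OVERLAY in perms:
        findings.append("can draw over other apps")
    if perms & IMAGE_READ:
        findings.append("can read stored images")
    return findings

def needs_review(xml_text):
    """Heuristic: accessibility service plus overlay or image access."""
    findings = triage_manifest(xml_text)
    return len(findings) >= 2 and findings[0].startswith("accessibility service")

# Constructed sample manifests (package and service names are hypothetical).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.earnapp">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

GALLERY = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.gallery">
  <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for name, xml_text in (("suspect", SUSPECT), ("gallery", GALLERY)):
        print(name, needs_review(xml_text), triage_manifest(xml_text))
```

A match only means the app deserves a closer look; legitimate accessibility tools can declare the same permissions.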

Interestingly, Trend Micro, a cybersecurity company, found an app named Synthnet developed by the same threat actors on the Google Play Store. The app did not contain the malware, and Google has since taken it down.

These attackers appear to be involved in another scam called FakeTrade, consisting of 31 money-earning apps. They uploaded these apps to the Play Store in 2021 and primarily targeted Android users in various countries, including Malaysia, Vietnam, Indonesia, the Philippines, Uganda, and Mexico. The FakeTrade apps claim to be e-commerce platforms promising increased income through referrals and top-ups, but they prevent users from withdrawing their funds when they attempt to do so.

It’s worth noting that a similar phishing campaign targeted Japanese Android users. The attackers pretended to be a power and water infrastructure company and infected devices with malware called SpyNote. This campaign occurred in early June 2023. The malware used deceptive tactics to gain Accessibility permissions and install additional malware without the user’s knowledge.

These incidents highlight the importance of being cautious while installing apps and sharing sensitive information. Always be vigilant and use reliable security software to protect your Android device from potential threats, according to The Hacker News.


New SpyHide Surveillance App Exposes Privacy Risks on 60,000 Android Devices

In the ever-changing cyber threat landscape, malware authors continuously come up with new tactics to steal sensitive data and harm victims. Google has taken measures to limit the misuse of accessibility APIs by blocking sideloaded apps from using them.

However, malware like stealers, clippers, spyware, and stalkerware still pose significant risks to personal privacy and security. Recent research discovered a surveillance app called SpyHide that has secretly collected private data from around 60,000 Android devices since 2016.

To protect themselves, users should be cautious about downloading apps from unverified sources, verify developer information, and check app reviews to reduce potential risks.

Despite efforts to secure the Play Store, threat actors can still create fake developer accounts to distribute malware. To address this, Google will soon require new developer accounts to provide a valid D-U-N-S number from Dun & Bradstreet, starting on August 31, 2023, aiming to build user trust and safety.
