Skip to main content

Beware of CherryBlos, the Android malware that steals passwords

Kurt "The CyberGuy" Knutsson warns about two types of malware that can hack into your Android device and steal your data if you download a corrupted app.

Picture this: You're scrolling through your photos, reminiscing on good times, and out of nowhere – BAM! Your bank account is suddenly empty. How did that happen, you wonder? 

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER 

Well, my friends, welcome to the era of CherryBlos and FakeTrade, two cunning new forms of Android malware that were discovered by Trend Micro, which can lift your passwords and other precious data from your photo album. 

Let's talk about CherryBlos first. Now, this malware, believe it or not, operates under the guise of an AI-powered cryptocurrency mining app known as SynthNet. The camouflage is so convincing that it successfully infiltrated the Google Play Store, deceiving users into downloading it. But the trickery doesn't end there. 

The crafty creators of CherryBlos went the extra mile to exploit social media platforms like Twitter and Telegram. They promoted this malicious app through posts and direct messages, luring unsuspecting users with the promise of a tech-savvy, crypto-rich future. All it takes is one click on that download link, and CherryBlos becomes an unwanted guest on your device. 

MORE: BEWARE OF THIS NEW MAC MALWARE TARGETING YOUR DATA & DEVICES  

Once installed, CherryBlos employs a sophisticated tactic known as "fake overlays." If you're wondering what that means, it's just as devious as it sounds. Essentially, this malware can create a counterfeit screen that is a carbon copy of your legitimate banking or crypto apps. 

When you enter your username and password, thinking you're logging into your account, you're actually typing it into the fake overlay created by CherryBlos. So, instead of accessing your account, you're handing over your precious credentials to this digital pirate. 

It gets even more insidious. CherryBlos doesn't limit itself to the data you actively input. It uses Optical Character Recognition, or OCR, to read text from images. 

This means if you've got screenshots of your passwords or sensitive information stored on your device, CherryBlos can read and steal that too. It's as if you've left a written note of your passwords for a burglar inside your own house. 

MORE: HOW SCAMMERS ARE USING ‘BARBIE’ FRENZY TO STEAL BANK INFO FROM MOVIEGOERS  

Let's shift our focus to the other troublemaker in town - FakeTrade. Now, this one is an entirely different breed. Picture a sneaky network of 31 scam apps that were uploaded to the Google Play Store, conspiring to distribute this noxious malware. It's like a secret society of villainous apps, each playing its part in the grand scheme. 

To give it more context, think about the apps on your phone right now. Some help you shop; others let you play games and a few assist with managing your finances. Now, imagine 31 of these apps being corrupted, masquerading as helpful tools while their main goal is to infect your device with FakeTrade. 

Several rogue apps, audaciously impersonating legitimate businesses like Upwork and WebFX, are part of the FakeTrade network. They misuse these trusted names to dupe users into downloading the malware. So, you download an app thinking it will assist you with work, but you're unknowingly inviting FakeTrade into your device. 

In legitimate apps, users are often given 'virtual rewards' for engaging with the app, such as watching ads or participating in activities. These rewards might be points, tokens, or digital coins, which can be used within the app for various purposes like unlocking features, purchasing in-app items, or sometimes even buying real-world goods or services, depending on the nature of the app. 

But here's the catch with the scam apps infected with FakeTrade. They make the same promises - watch an ad, and earn rewards. It might hint that these rewards can be converted to real-world benefits, maybe exclusive discounts, access to premium features, or even buying crypto, thus motivating users to engage more with the app. 

However, unlike legitimate apps, these scam apps never allow you to use these rewards. The promised conversion to real-world benefits never happens. It's like endlessly collecting tickets at an arcade where the prize counter is always closed. 

So, despite the enticing appearance, remember these rewards are just an illusion. They are part of the scam apps' scheme to get you to engage, but they never deliver on their promises. That's the insidious nature of the FakeTrade malware and its network of scam apps. 

To make things easy for you, we've got the list of all 31 scam apps spreading FakeTrade right. If you see any of these apps on your phone, it's time to bid them goodbye: 

Ama 

BBShop 

Canyon 

Compass 

Domo 

Envoy 

Fiar 

FIRETOSS 

Gobuy 

Godo 

Goshop 

Huge 

Koofire 

Leefire 

Moshop 

NTBuy 

OneFire 

Papaya 

Pudding 

Saya 

Sengre 

Smartz 

Tango 

Timeshop 

Tinuiti 

Upwork 

WebFX 

Youtech 

MALICIOUS ANDROID SPYWARE DETECTED IN OVER 100 POPULAR APPS

We reached out to Google about the malicious, and a spokesperson for the company told us this: 

All of the identified malicious apps in the report have been removed from Google Play. We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action. Google Play Protect protects users from apps known to contain this malware on Android devices with Google Play Services, even when those apps come from other sources outside of Play." 

While Google Play Protect is built-in malware protection for Android devices and automatically removes known malware. It is important to note that Google Play Protect may not be enough. Historically, it isn't 100% foolproof at removing all known malware from Android devices

So, how do you keep your digital lives safe from these virtual villains? Let's dig in: 

Beware of where you download: Stick to the official Google Play Store like glue. It's not perfect, but it's much safer than those shady third-party app stores or that seemingly harmless APK file shared in your group chat. 

Play detective with apps: Don't just hit download because an app looks cool. Do a little snooping. Look at the reviews, the developer's other apps, and their website. If anything looks fishy, it probably is! 

Ditch the screenshot habit: This one's important, folks! Stop screenshotting your passwords. I mean it. Just stop. 

Stay updated: Keep your apps and phone software in tip-top shape by installing regular updates. These often contain vital security fixes to keep you safe. 

Be app permission savvy: If a wallpaper app asks for your contacts list, you know that's a red flag. Stay alert to what permissions you're granting. 

Arm yourself with antivirus: An antivirus app can act like your personal security guard, scanning your phone for any lurking threats. Having antivirus software on your devices will make sure you are stopped from clicking on any potential malicious links which may install malware on your devices, allowing hackers to gain access to your personal information.

See my expert review of the best antivirus protection for your Windows, Mac, Android, and iOS devices by visiting Cyberguy.com/LockUpYourTech 

Strengthen your passwords: Ensure you have strong, unique passwords for your online accounts. Consider using a password manager to generate and store complex passwords securely. It will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Second, it also keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself. The fewer passwords you remember, the less likely you will be to reuse them for your accounts.

Check out my best expert-reviewed password managers of 2023 by heading to Cyberguy.com/Passwords 

Enable two-factor authentication: Enable two-factor authentication whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password. 

Create alias email addresses: Sometimes, it's best to create various email aliases so that you don't have to worry about all your info getting taken in a data breach. An email alias address is a great way for you to stop receiving constant spam mail by simply deleting the email alias address.

To find out more about upgrading the security and privacy of your email, head over to CyberGuy.com/Mail 

THE TWO APPS ON GOOGLE PLAY STORE THAT ARE PUTTING MILLIONS OF ANDROID USERS AT RISK

Well, it's not the end of the world. Here's your game plan: 

Password Makeover: Change your passwords, especially if they've been snapped in a screenshot or input while you were infected. 

Monitor your Finances: Keep a hawk eye on your bank and credit card statements. If anything looks out of place, ring up your bank. 

The Nuclear Option: As a last resort, you should hit the reset button and do a factory reset of your device. Remember to back up your vital data, but don't carry over any malicious apps! Read how to reset your Android device here and your Apple device here

Axe the Bad App: Identify the troublemaker and show it the door. Uninstall it, pronto! 

Go to the home screen or app drawer 

Find the app you want to delete 

Press and hold the app icon 

Drag the app icon to the "Uninstall" or "Delete/Remove" option 

Confirm the action/uninstallation. 

Locate the app and press down and hold on the app 

Click the "Remove App" row 

On the next screen, click "Delete App", then click "Delete" to confirm 

Another way of removing the app is if you touch and hold an app on your device 

You’ll see all the apps begin to shake. Click the "-" icon in the upper-left corner of the app 

Click "Delete App" and then Delete to confirm 

Use identity theft protection: If you feel your personal information was stolen, Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
 
One of the best parts of using some services is that they might include identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
 
See my tips and best picks on how to protect yourself from identity theft by visiting Cyberguy.com/IdentityTheft 

Phew! That was a lot to take in. We've journeyed through the cunning tricks of CherryBlos and FakeTrade, and, hopefully, armed ourselves with the knowledge to keep our devices and data safe. Remember, our digital lives are extensions of ourselves, and we need to defend them just as fiercely. 

What steps are you going to take today to ensure your device doesn't fall prey to these malicious tricksters? Have you been screenshotting your passwords or downloading apps without proper investigation? Let us know by writing us at Cyberguy.com/Contact 

For more of my security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter 

Copyright 2023 CyberGuy.com. All rights reserved. 

Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.