New cryptocurrency malware can read screenshots of saved pass phrases

Hackers are getting more sophisticated, uncovering new ways to steal crypto

This week, researchers warned about two related malware campaigns, CherryBlos and FakeTrade, which target Android users to steal cryptocurrency and run other money-making scams.
The malware is distributed through fake Android apps on Google Play, social media platforms, and phishing sites.

In a report this week, Trend Micro said its researchers had recently discovered the two types of malware and found that they used the same network infrastructure and application certificates. This suggests that the same threat actor is behind both efforts, the researchers said.

“From the language used by these samples, we determined that the threat actor doesn’t have a specific targeted region but targets victims across the globe, replacing resource strings and uploading these apps to different Google Play regions,” said Trend Micro. The main regions targeted are Malaysia, Vietnam, the Philippines, Indonesia, Uganda and Mexico.

The CherryBlos malware is designed to steal cryptocurrency wallet credentials and replace the victim’s wallet address when withdrawing money. Trend Micro said it found the malware on Telegram, TikTok, and X (formerly known as Twitter), where ads promoted the fake Android apps. Trend Micro found at least four fake Android apps containing CherryBlos: SynthNet, Happy Miner, Robot99, and GPTalk.

The FakeTrade campaign features comparable technology, with at least 31 fake Android apps distributing malware. Many are shopping-related apps that sometimes claim users can complete tasks to earn money or get additional credit by filling out an application. Once users took the bait and topped off their accounts, they later found they could not make withdrawals.

Since then, Google has removed all of the fake apps, according to Trend Micro. However, CherryBlos and FakeTrade are still a threat to Android users. The report states, “The threat actor behind these campaigns employed advanced techniques to evade detection, such as software packing, obfuscation, and abusing Android’s Accessibility Service.”
