Hackers are getting more sophisticated, uncovering new ways to steal crypto
This week, researchers warned about two related malware campaigns, CherryBlos and FakeTrade, which target Android users to steal cryptocurrency and run other money-making scams.
The malware is distributed through fake Android apps on Google Play, social media platforms, and phishing sites.
Trend Micro said in a report this week that its researchers had recently discovered the two types of malware and found that they used the same network infrastructure and application certificates. This suggests that the same threat actor is behind both efforts, the researchers said.
“From the language used by these samples, we determined that the threat actor doesn’t have a specific targeted region but targets victims across the globe, replacing resource strings and uploading these apps to different Google Play regions,” said Trend Micro. The main regions targeted are Malaysia, Vietnam, the Philippines, Indonesia, Uganda and Mexico.
The CherryBlos malware is designed to steal cryptocurrency wallet credentials and replace the victim’s wallet address when withdrawing money. Trend Micro said it found the malware being promoted on Telegram, TikTok, and X (formerly known as Twitter) through ads for the fake Android apps. At least four fake Android apps were found by Trend Micro containing CherryBlos: SynthNet, Happy Miner, Robot99, and GPTalk.
The FakeTrade campaign features comparable technology, with at least 31 fake Android apps distributing malware. Many are shopping-related apps that sometimes claim users can complete tasks to earn money or get additional credit by filling out an application. Once users took the bait and topped off their accounts, they later found they could not make withdrawals.
Since then, Google has removed all of the fake apps, according to Trend Micro. However, CherryBlos and FakeTrade are still a threat to Android users. The report states, “The threat actor behind these campaigns employed advanced techniques to evade detection, such as software packing, obfuscation, and abusing Android’s Accessibility Service.”
Editor-in-Chief of the Big Blind, a prominent gambling industry publication, brings 30+ years of journalism experience to his role. His vision emphasizes clarity, accessibility, and responsible journalism, making the Big Blind a trusted source in the online gambling sector.