July 30, 2023

New malware targeting Android users to steal sensitive data using OCR

The malicious apps are distributed through a variety of channels, including social media, phishing websites, and shopping apps on Google Play... reports Asian Lite News

Two new Android malware families, named CherryBlos and FakeTrade, have been discovered on Google Play. They are designed to steal cryptocurrency credentials and funds or conduct scams using optical character recognition (OCR), a new report has said.

According to cybersecurity software company Trend Micro, both malware families use the same network infrastructure and certificates, indicating that the same threat actors created them.

The malicious apps are distributed through a variety of channels, including social media, phishing websites, and shopping apps on Google Play.

CherryBlos malware was first seen spreading in April 2023 in the form of an APK (Android package) file marketed on Telegram, Twitter, and YouTube as AI tools or cryptocurrency miners.

The names used for the malicious APKs are GPTalk, Happy Miner, Robot999, and SynthNet, according to the report.

The downloaded malware CherryBlos (AndroidOS_CherryBlos.GCL), named for the unique string used in its hijacking framework, can steal cryptocurrency wallet-related credentials and replace victims’ addresses while they make withdrawals.

In addition, a more interesting feature can be enabled, which uses OCR to extract text from photos and images.

“Once granted, CherryBlos will perform the following two tasks — Read pictures from the external storage and use OCR to extract text from these pictures, and upload the OCR results to the C&C server at regular intervals,” the researchers wrote.

Moreover, another campaign that employed several fraudulent money-earning apps — first uploaded to Google Play in 2021 — involved the FakeTrade malware.

Researchers discovered links to a Google Play campaign in which 31 scam apps known as “FakeTrade” used the same C2 network infrastructure and certificates as the CherryBlos apps, the report said.

These apps employ shopping themes or money-making enticements to deceive users into watching commercials, committing to premium subscriptions, or topping up their in-app wallets while never allowing them to cash out the virtual prizes.

The applications have a similar interface and mostly target customers in Malaysia, Vietnam, Indonesia, the Philippines, Uganda, and Mexico, with the majority of them appearing on Google Play between 2021 and 2022.
