Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Android Malware Stealing Cryptocurrency

July 31, 2023
Reading Time: 2 mins read
in Alerts
Android Malware Stealing Cryptocurrency

 

Researchers have issued a warning about two interconnected malware campaigns, CherryBlos and FakeTrade, targeting Android users for cryptocurrency theft and other financially-motivated scams. The operators of these campaigns are spreading the malware through fake Android apps on Google Play, social media platforms, and phishing sites.

Trend Micro researchers observed that both malware strains use the same network infrastructure and application certificates, suggesting a common threat actor behind both operations.

CherryBlos, one of the malware strains, possesses a dangerous feature where it can utilize optical character recognition (OCR) to read mnemonic phrases in pictures on compromised devices, sending the data to its command-and-control server.

This capability allows the malware to target cryptocurrency wallets effectively. The threat actor responsible for these campaigns seems to have a global approach, targeting victims across multiple regions, including Malaysia, Vietnam, Philippines, Indonesia, Uganda, and Mexico, by uploading apps with replaced resource strings to various Google Play regions.

The CherryBlos campaign is focused on stealing cryptocurrency wallet-related credentials and replacing victims’ wallet addresses during withdrawals. The malware operators promote fake Android apps containing CherryBlos through platforms like Telegram, TikTok, and X, leading victims to phishing sites hosting the malicious apps. Similarly, the FakeTrade campaign, using at least 31 fake Android apps, entices users with shopping-related themes and promises of earning money through specific tasks or purchasing additional credits.

Despite Google’s removal of the fake apps, both CherryBlos and FakeTrade pose significant threats to Android users due to the threat actor’s advanced evasion techniques, including software packing, obfuscation, and exploitation of Android’s Accessibility Service. Users are advised to be cautious and refrain from downloading suspicious apps or granting excessive permissions to safeguard against such attacks.

Reference:
  • Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns
Tags: AndroidCherryBlosCryptocurrenciesCyber AlertCyber Alerts 2023CybersecurityFakeTradeGoogle PlayJuly 2023MalwarePhishingVulnerabilities
ADVERTISEMENT

Related Posts

Glibc Flaw Gives Linux Root Access Risk

Mozilla Urgent Firefox Patch Fixes RCE Flaws

May 19, 2025
Fileless Remcos RAT Delivery Via LNK Files

ModiLoader Malware Targets Windows Users

May 19, 2025
Glibc Flaw Gives Linux Root Access Risk

Glibc Flaw Gives Linux Root Access Risk

May 19, 2025
Fileless Remcos RAT Delivery Via LNK Files

APT28 RoundPress Webmail Hack Steals Emails

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

Fileless Remcos RAT Delivery Via LNK Files

May 16, 2025

Latest Alerts

Mozilla Urgent Firefox Patch Fixes RCE Flaws

ModiLoader Malware Targets Windows Users

Glibc Flaw Gives Linux Root Access Risk

Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

APT28 RoundPress Webmail Hack Steals Emails

Subscribe to our newsletter

    Latest Incidents

    Massive DDoS Hits Poland’s Civic Platform

    Arla Plant Cyberattack Halts Operations

    Georgia’s Harbin Clinic Hit by Data Breach

    Hackers Target Swiss Reserve Power Plant

    Coinbase Insider Attack Exposed User Data

    Cyberattack Hits J Batista Group

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial