Guard your passwords: CherryBlos & FakeTrade malware threaten Androids

Picture this: You’re scrolling through your photos, reminiscing on good times, and out of nowhere – BAM! Your bank account is suddenly empty. How did that happen, you wonder?

Well, my friends, welcome to the era of CherryBlos and FakeTrade, two cunning new forms of Android malware, discovered by Trend Micro, that can lift your passwords and other precious data from your photo album.

What’s CherryBlos?

Let’s talk about CherryBlos first. Now, this malware, believe it or not, operates under the guise of an AI-powered cryptocurrency mining app known as SynthNet. The camouflage is so convincing that it successfully infiltrated the Google Play Store, deceiving users into downloading it. But the trickery doesn’t end there.

The crafty creators of CherryBlos went the extra mile to exploit social media platforms like Twitter and Telegram. They promoted this malicious app through posts and direct messages, luring unsuspecting users with the promise of a tech-savvy, crypto-rich future. All it takes is one click on that download link, and CherryBlos becomes an unwanted guest on your device.


How does CherryBlos steal your data?

Once installed, CherryBlos employs a sophisticated tactic known as “fake overlays.” If you’re wondering what that means, it’s just as devious as it sounds. Essentially, this malware can create a counterfeit screen that is a carbon copy of your legitimate banking or crypto apps.

When you enter your username and password, thinking you’re logging into your account, you’re actually typing it into the fake overlay created by CherryBlos. So, instead of accessing your account, you’re handing over your precious credentials to this digital pirate.

How CherryBlos can steal your passwords from images

It gets even more insidious. CherryBlos doesn’t limit itself to the data you actively input. It uses Optical Character Recognition, or OCR, to read text from images.

This means if you’ve got screenshots of your passwords or sensitive information stored on your device, CherryBlos can read and steal that too. It’s as if you’ve left a written note of your passwords for a burglar inside your own house.


What’s FakeTrade?

Let’s shift our focus to the other troublemaker in town – FakeTrade. Now, this one is an entirely different breed. Picture a sneaky network of 31 scam apps that were uploaded to the Google Play Store, conspiring to distribute this noxious malware. It’s like a secret society of villainous apps, each playing its part in the grand scheme.

To give it more context, think about the apps on your phone right now. Some help you shop; others let you play games and a few assist with managing your finances. Now, imagine 31 of these apps being corrupted, masquerading as helpful tools while their main goal is to infect your device with FakeTrade.

How does FakeTrade steal your data?

Several rogue apps, audaciously impersonating legitimate businesses like Upwork and WebFX, are part of the FakeTrade network. They misuse these trusted names to dupe users into downloading the malware. So, you download an app thinking it will assist you with work, but you’re unknowingly inviting FakeTrade into your device.

In legitimate apps, users are often given ‘virtual rewards’ for engaging with the app, such as watching ads or participating in activities. These rewards might be points, tokens, or digital coins, which can be used within the app for various purposes like unlocking features, purchasing in-app items, or sometimes even buying real-world goods or services, depending on the nature of the app.

Don’t fall for rewards

But here’s the catch with the scam apps infected with FakeTrade. They make the same promises – watch an ad, and earn rewards. They might hint that these rewards can be converted to real-world benefits, maybe exclusive discounts, access to premium features, or even buying crypto, thus motivating users to engage more with the app.

However, unlike legitimate apps, these scam apps never allow you to use these rewards. The promised conversion to real-world benefits never happens. It’s like endlessly collecting tickets at an arcade where the prize counter is always closed.

So, despite the enticing appearance, remember these rewards are just an illusion. They are part of the scam apps’ scheme to get you to engage, but they never deliver on their promises. That’s the insidious nature of the FakeTrade malware and its network of scam apps.

To make things easy for you, we’ve got the list of all 31 scam apps spreading FakeTrade right here. If you see any of these apps on your phone, it’s time to bid them goodbye:

  • Ama
  • BBShop
  • Canyon
  • Compass
  • Domo
  • Envoy
  • Fiar
  • FIRETOSS
  • Gobuy
  • Godo
  • Goshop
  • Huge
  • Koofire
  • Leefire
  • Moshop
  • NTBuy
  • OneFire
  • Papaya
  • Pudding
  • Saya
  • Sengre
  • Smartz
  • Tango
  • Timeshop
  • Tinuiti
  • Upwork
  • WebFX
  • Youtech

Google takes action against malicious apps on Play Store

We reached out to Google about the malicious apps, and a spokesperson for the company told us this:

“All of the identified malicious apps in the report have been removed from Google Play. We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action. Google Play Protect protects users from apps known to contain this malware on Android devices with Google Play Services, even when those apps come from other sources outside of Play.”

While Google Play Protect is built-in malware protection for Android devices and automatically removes known malware, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices.

How to keep your digital lives safe

So, how do you keep your digital lives safe from these virtual villains? Let’s dig in:

Beware of where you download: Stick to the official Google Play Store like glue. It’s not perfect, but it’s much safer than those shady third-party app stores or that seemingly harmless APK file shared in your group chat.

Play detective with apps: Don’t just hit download because an app looks cool. Do a little snooping. Look at the reviews, the developer’s other apps, and their website. If anything looks fishy, it probably is!

Ditch the screenshot habit: This one’s important, folks! Stop screenshotting your passwords. I mean it. Just stop.

Stay updated: Keep your apps and phone software in tip-top shape by installing regular updates. These often contain vital security fixes to keep you safe.

Be app permission savvy: If a wallpaper app asks for your contacts list, you know that’s a red flag. Stay alert to what permissions you’re granting.
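One way to put this permission check into practice, as an added example that is not from the original article: the script flags apps that request both the "draw over other apps" permission and read access to saved images. The sample text is constructed and modeled on `adb shell dumpsys package` output, the package names are made up, and treating this permission pair as the footprint of the overlay and screenshot-reading behaviour described above is an assumption of the example.

```python
import re

# Standard Android permission names. Mapping them to the behaviours in this
# article (fake overlays, reading saved images) is an assumption of this example.
OVERLAY = {"android.permission.SYSTEM_ALERT_WINDOW"}
IMAGE_READ = {"android.permission.READ_EXTERNAL_STORAGE",
              "android.permission.READ_MEDIA_IMAGES"}

PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z0-9_]+)")

def requested_permissions(dump):
    """Map each package to the permissions in its 'requested permissions:' block."""
    result, pkg, in_block = {}, None, False
    for line in dump.splitlines():
        header = PKG_RE.match(line)
        if header:
            pkg, in_block = header.group(1), False
            result[pkg] = set()
        elif line.strip() == "requested permissions:":
            in_block = True
        elif in_block and pkg:
            perm = PERM_RE.match(line)
            if perm:
                result[pkg].add(perm.group(1))
            else:
                in_block = False  # any other line ends the block
    return result

def risky_combinations(dump):
    """Return {package: permissions} for apps asking for overlay plus image access."""
    flagged = {}
    for pkg, perms in requested_permissions(dump).items():
        if perms & OVERLAY and perms & IMAGE_READ:
            flagged[pkg] = sorted(perms & (OVERLAY | IMAGE_READ))
    return flagged

# Constructed sample input; package names are invented for illustration.
SAMPLE_DUMP = """\
Packages:
  Package [com.example.wallpaper] (1a2b3c):
    requested permissions:
      android.permission.INTERNET
      android.permission.SYSTEM_ALERT_WINDOW
      android.permission.READ_MEDIA_IMAGES
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.gallery] (4d5e6f):
    requested permissions:
      android.permission.READ_EXTERNAL_STORAGE
"""

if __name__ == "__main__":
    for pkg, perms in risky_combinations(SAMPLE_DUMP).items():
        print(pkg, "->", ", ".join(perms))
```

A flagged app is a prompt for a closer look, not proof of malware: some legitimate apps need both permissions.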

Arm yourself with antivirus: An antivirus app can act like your personal security guard, scanning your phone for any lurking threats. Having antivirus software on your devices helps stop you from clicking on potentially malicious links that may install malware on your devices and allow hackers to gain access to your personal information. Special for CyberGuy Readers: My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package. Find my review of Best Antivirus Protection here.


Strengthen your passwords: Ensure you have strong, unique passwords for your online accounts. Consider using a password manager to generate and store complex passwords securely. First, it will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Second, it also keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself. The fewer passwords you remember, the less likely you will be to reuse them for your accounts.

One of the best password managers out there is 1Password. With no known security breaches or vulnerabilities, 1Password is a solid option as a paid password manager. It utilizes a well-designed interface, which features core components that are expected from premium, paid password managers. At the time of publishing, it starts at $2.99 a month, billed annually, for a total of $35.88/year, and you can save more with a family option which includes 5 family members for $60/year. Get more details about my best expert-reviewed Password Managers of 2023 here.


Enable two-factor authentication: Enable two-factor authentication whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.

Create alias email addresses: Sometimes, it’s best to create various email aliases so that you don’t have to worry about all your info getting taken in a data breach. An email alias address is a great way for you to stop receiving constant spam mail by simply deleting the email alias address. In addition to creating throwaway email accounts for online sign-ups and other circumstances where you would not want to disclose your primary email address, alias email addresses are helpful for handling and organizing incoming communications.

My #1 pick for secure and private email is StartMail, which allows users to create unlimited, customized aliases.  You can get an Exclusive deal for CyberGuy readers: 60% off: $23.98 for first year ($2 per month, billed annually).  Includes a free 7-day trial.

See my review of best secure and private email services here


What if I’ve already fallen prey to CherryBlos or FakeTrade?

Well, it’s not the end of the world. Here’s your game plan:

Password Makeover: Change your passwords, especially if they’ve been snapped in a screenshot or input while you were infected.

Monitor your Finances: Keep a hawk eye on your bank and credit card statements. If anything looks out of place, ring up your bank.

The Nuclear Option: As a last resort, you should hit the reset button and do a factory reset of your device. Remember to back up your vital data, but don’t carry over any malicious apps! Read how to factory reset your Android device here and how to reset your Apple device here.

Axe the Bad App: Identify the troublemaker and show it the door. Uninstall it, pronto!

How do I delete the apps from my Android?

    • Go to the home screen or app drawer
    • Find the app you want to delete
    • Press and hold the app icon
    • Drag the app icon to the “Uninstall” or “Delete/Remove” option
    • Confirm the action/uninstallation.

How to delete an app on iOS devices

    • Locate the app and press down and hold on the app
    • Click the “Remove App” row
    • On the next screen, click “Delete App”, then click “Delete” to confirm
    • Another way of removing the app is if you touch and hold an app on your device
    • You’ll see all the apps begin to shake.  Click the “-” icon in the upper-left corner of the app
    • Click “Delete App” and then Delete to confirm

Use Identity theft protection: If you feel your personal information was stolen and want a service that will walk you through every step of the reporting and recovery process, one of the best things you can do to protect yourself from this type of fraud is to subscribe to an identity theft service.

My top recommendation is Identity Guard. Identity Guard will monitor personal information like your Home title, Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using Identity Guard is identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses. Special for CyberGuy Readers: Save up to 51% with my top recommendation, Identity Guard.

Read more of my review of best identity theft protection services here.


Kurt’s key takeaways

Phew! That was a lot to take in. We’ve journeyed through the cunning tricks of CherryBlos and FakeTrade, and, hopefully, armed ourselves with the knowledge to keep our devices and data safe. Remember, our digital lives are extensions of ourselves, and we need to defend them just as fiercely.

What steps are you going to take today to ensure your device doesn’t fall prey to these malicious tricksters? Have you been screenshotting your passwords or downloading apps without proper investigation? Let us know in the comments below.
