Picture this: You’re scrolling through your photos, reminiscing on good times, and out of nowhere – BAM! Your bank account is suddenly empty. How did that happen, you wonder?
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER
Well, my friends, welcome to the era of CherryBlos and FakeTrade, two cunning new forms of Android malware that were discovered by Trend Micro, which can lift your passwords and other precious data from your photo album.
What’s CherryBlos?
Let’s talk about CherryBlos first. Now, this malware, believe it or not, operates under the guise of an AI-powered cryptocurrency mining app known as SynthNet. The camouflage is so convincing that it successfully infiltrated the Google Play Store, deceiving users into downloading it. But the trickery doesn’t end there.
The crafty creators of CherryBlos went the extra mile to exploit social media platforms like Twitter and Telegram. They promoted this malicious app through posts and direct messages, luring unsuspecting users with the promise of a tech-savvy, crypto-rich future. All it takes is one click on that download link, and CherryBlos becomes an unwanted guest on your device.
MORE: BEWARE OF THIS NEW MAC MALWARE TARGETING YOUR DATA & DEVICES
CherryBlos, a malware, operates under an AI-powered cryptocurrency mining app known as SynthNet. (Trend Micro)
How does CherryBlos steal your data?
Once installed, CherryBlos employs a sophisticated tactic known as “fake overlays.” If you’re wondering what that means, it’s just as devious as it sounds. Essentially, this malware can create a counterfeit screen that is a carbon copy of your legitimate banking or crypto apps.
When you enter your username and password, thinking you’re logging into your account, you’re actually typing it into the fake overlay created by CherryBlos. So, instead of accessing your account, you’re handing over your precious credentials to this digital pirate.
How CherryBlos can steal your passwords from images
It gets even more insidious. CherryBlos doesn’t limit itself to the data you actively input. It uses Optical Character Recognition, or OCR, to read text from images.
This means if you’ve got screenshots of your passwords or sensitive information stored on your device, CherryBlos can read and steal that too. It’s as if you’ve left a written note of your passwords for a burglar inside your own house.
MORE: HOW SCAMMERS ARE USING ‘BARBIE’ FRENZY TO STEAL BANK INFO FROM MOVIEGOERS
CherryBlos uses Optical Character Recognition, or OCR, to read text from images. (CyberGuy.com)
What’s FakeTrade?
Let’s shift our focus to the other troublemaker in town – FakeTrade. Now, this one is an entirely different breed. Picture a sneaky network of 31 scam apps that were uploaded to the Google Play Store, conspiring to distribute this noxious malware. It’s like a secret society of villainous apps, each playing its part in the grand scheme.
To give it more context, think about the apps on your phone right now. Some help you shop; others let you play games and a few assist with managing your finances. Now, imagine 31 of these apps being corrupted, masquerading as helpful tools while their main goal is to infect your device with FakeTrade.
FakeTrade’s goal is to use infect your device, pretending to be helpful tools within apps that are really corrupted. (CyberGuy.com)
How does FakeTrade steal your data?
Several rogue apps, audaciously impersonating legitimate businesses like Upwork and WebFX, are part of the FakeTrade network. They misuse these trusted names to dupe users into downloading the malware. So, you download an app thinking it will assist you with work, but you’re unknowingly inviting FakeTrade into your device.
In legitimate apps, users are often given ‘virtual rewards’ for engaging with the app, such as watching ads or participating in activities. These rewards might be points, tokens, or digital coins, which can be used within the app for various purposes like unlocking features, purchasing in-app items, or sometimes even buying real-world goods or services, depending on the nature of the app.
FakeTrade makes promises of rewarding users who have downloaded corrupted apps and watch ads, but in reality they never receive these rewards. (CyberGuy.com)
Don’t fall for rewards
But here’s the catch with the scam apps infected with FakeTrade. They make the same promises – watch an ad, and earn rewards. It might hint that these rewards can be converted to real-world benefits, maybe exclusive discounts, access to premium features, or even buying crypto, thus motivating users to engage more with the app.
However, unlike legitimate apps, these scam apps never allow you to use these rewards. The promised conversion to real-world benefits never happens. It’s like endlessly collecting tickets at an arcade where the prize counter is always closed.
So, despite the enticing appearance, remember these rewards are just an illusion. They are part of the scam apps’ scheme to get you to engage, but they never deliver on their promises. That’s the insidious nature of the FakeTrade malware and its network of scam apps.
To make things easy for you, we’ve got the list of all 31 scam apps spreading FakeTrade right. If you see any of these apps on your phone, it’s time to bid them goodbye:
Ama
BBShop
Canyon
Compass
Domo
Envoy
Fiar
FIRETOSS
Gobuy
Godo
Goshop
Huge
Koofire
Leefire
Moshop
NTBuy
OneFire
Papaya
Pudding
Saya
Sengre
Smartz
Tango
Timeshop
Tinuiti
Upwork
WebFX
Youtech
MALICIOUS ANDROID SPYWARE DETECTED IN OVER 100 POPULAR APPS
Google takes action against malicious apps on Play Store
We reached out to Google about the malicious, and a spokesperson for the company told us this:
All of the identified malicious apps in the report have been removed from Google Play. We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action. Google Play Protect protects users from apps known to contain this malware on Android devices with Google Play Services, even when those apps come from other sources outside of Play.”
While Google Play Protect is built-in malware protection for Android devices and automatically removes known malware. It is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices.
How to keep your digital lives safe
So, how do you keep your digital lives safe from these virtual villains? Let’s dig in:
Beware of where you download: Stick to the official Google Play Store like glue. It’s not perfect, but it’s much safer than those shady third-party app stores or that seemingly harmless APK file shared in your group chat.
Play detective with apps: Don’t just hit download because an app looks cool. Do a little snooping. Look at the reviews, the developer’s other apps, and their website. If anything looks fishy, it probably is!
Ditch the screenshot habit: This one’s important, folks! Stop screenshotting your passwords. I mean it. Just stop.
Stay updated: Keep your apps and phone software in tip-top shape by installing regular updates. These often contain vital security fixes to keep you safe.
Be app permission savvy: If a wallpaper app asks for your contacts list, you know that’s a red flag. Stay alert to what permissions you’re granting.
Arm yourself with antivirus: An antivirus app can act like your personal security guard, scanning your phone for any lurking threats. Having antivirus software on your devices will make sure you are stopped from clicking on any potential malicious links which may install malware on your devices, allowing hackers to gain access to your personal information.
See my expert review of the best antivirus protection for your Windows, Mac, Android, and iOS devices by visiting Cyberguy.com/LockUpYourTech
Strengthen your passwords: Ensure you have strong, unique passwords for your online accounts. Consider using a password manager to generate and store complex passwords securely. It will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Second, it also keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself. The fewer passwords you remember, the less likely you will be to reuse them for your accounts.
Check out my best expert-reviewed password managers of 2023 by heading to Cyberguy.com/Passwords
Enable two-factor authentication: Enable two-factor authentication whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.
Create alias email addresses: Sometimes, it’s best to create various email aliases so that you don’t have to worry about all your info getting taken in a data breach. An email alias address is a great way for you to stop receiving constant spam mail by simply deleting the email alias address.
To find out more about upgrading the security and privacy of your email, head over to CyberGuy.com/Mail
THE TWO APPS ON GOOGLE PLAY STORE THAT ARE PUTTING MILLIONS OF ANDROID USERS AT RISK
Google Play Protect protects users from apps known to contain this malware on Android devices with Google Play Services or other sources. (CyberGuy.com)
What if I’ve already fallen prey to CherryBlos or FakeTrade?
Well, it’s not the end of the world. Here’s your game plan:
Password Makeover: Change your passwords, especially if they’ve been snapped in a screenshot or input while you were infected.
Monitor your Finances: Keep a hawk eye on your bank and credit card statements. If anything looks out of place, ring up your bank.
The Nuclear Option: As a last resort, you should hit the reset button and do a factory reset of your device. Remember to back up your vital data, but don’t carry over any malicious apps! Read how to reset your Android device here and your Apple device here.
Axe the Bad App: Identify the troublemaker and show it the door. Uninstall it, pronto!
How do I delete the apps from my Android?
Go to the home screen or app drawer
Find the app you want to delete
Press and hold the app icon
Drag the app icon to the “Uninstall” or “Delete/Remove” option
Confirm the action/uninstallation.
How to delete an app on iOS devices
Locate the app and press down and hold on the app
Click the “Remove App” row
On the next screen, click “Delete App”, then click “Delete” to confirm
Another way of removing the app is if you touch and hold an app on your device
You’ll see all the apps begin to shake. Click the “-“ icon in the upper-left corner of the app
Click “Delete App” and then Delete to confirm
Use identity theft protection: If you feel your personal information was stolen, Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of using some services is that they might include identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
See my tips and best picks on how to protect yourself from identity theft by visiting Cyberguy.com/IdentityTheft
Kurt’s key takeaways
Phew! That was a lot to take in. We’ve journeyed through the cunning tricks of CherryBlos and FakeTrade, and, hopefully, armed ourselves with the knowledge to keep our devices and data safe. Remember, our digital lives are extensions of ourselves, and we need to defend them just as fiercely.
What steps are you going to take today to ensure your device doesn’t fall prey to these malicious tricksters? Have you been screenshotting your passwords or downloading apps without proper investigation? Let us know by writing us at Cyberguy.com/Contact
CLICK HERE TO GET THE FOX NEWS APP
For more of my security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Copyright 2023 CyberGuy.com. All rights reserved.
