Researchers and victims explain why you must delete these Android apps

Every now and then, shady Android apps make their way to the Google Play store. Others are hosted on third-party sites and seem harmless. Thankfully, we can count on security experts like Trend Micro Research to keep an eye out for malicious apps. The threat analysis firm has found dozens of new apps that you must delete immediately if you have them on your phone.
Trend Micro Research has found two Android malware families that are targeting users of cryptocurrency and finance apps.

The first is CherryBlos, which is spread through promotion on social media that directs users to phishing websites, where they are led to download malicious apps. It can steal crypto credentials and change the address that’s used during the withdrawal process.

To avoid detection, the malware uses a commercial packer called Jiagubao, which has advanced protection capabilities. It prompts users to grant accessibility permissions and uses anti-kill techniques such as ignoring battery optimization. It also sends the user back to the home screen when they enter the app’s settings, presumably to avoid being uninstalled.
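A triage check for the two privileges described above, as an added example that is not from Trend Micro or the original article. It assumes the text output of `adb shell pm list packages -3`, `adb shell settings get secure enabled_accessibility_services` and `adb shell dumpsys deviceidle whitelist` has been captured from the phone; the package names and sample output are constructed.

```python
"""Flag third-party apps that hold both privileges the article describes."""

# Constructed sample output (package names are made up) of:
#   adb shell pm list packages -3
#   adb shell settings get secure enabled_accessibility_services
#   adb shell dumpsys deviceidle whitelist
SAMPLE_PACKAGES = """\
package:com.example.notes
package:com.example.miner
package:com.example.screenreader
"""
SAMPLE_A11Y = ("com.example.miner/.core.HelperService:"
               "com.example.screenreader/com.example.screenreader.Reader")
SAMPLE_WHITELIST = """\
system-excidle,com.android.providers.downloads,10012
system,com.google.android.gms,10017
user,com.example.miner,10234
user,com.example.notes,10230
"""

def third_party_packages(pm_output):
    """Parse `pm list packages -3` lines of the form `package:<name>`."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}

def accessibility_packages(setting_value):
    """Parse the colon-separated `<package>/<service class>` component list."""
    value = setting_value.strip()
    if not value or value == "null":  # unset when no service is enabled
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def battery_exempt_packages(whitelist_output):
    """Keep `user,<package>,<uid>` rows: exemptions granted on the device."""
    exempt = set()
    for line in whitelist_output.splitlines():
        parts = line.strip().split(",")
        if len(parts) == 3 and parts[0] == "user":
            exempt.add(parts[1])
    return exempt

def suspicious_packages(pm_output, a11y_setting, whitelist_output):
    """Third-party apps that are accessibility services AND battery-exempt."""
    return sorted(third_party_packages(pm_output)
                  & accessibility_packages(a11y_setting)
                  & battery_exempt_packages(whitelist_output))

if __name__ == "__main__":
    for pkg in suspicious_packages(SAMPLE_PACKAGES, SAMPLE_A11Y, SAMPLE_WHITELIST):
        print("review:", pkg)
```

A match is a reason to review the app, not proof of CherryBlos; legitimate assistive apps can hold both privileges.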

In all, four apps with CherryBlos malware were found and they were hosted on different websites:

To steal credentials, the malware displays a fake interface when a user launches an official app. The withdrawn amount is sent to the attacker-controlled address. The malware uses OCR to identify potential mnemonic phrases. An app called Synthnet made by the same developer was found on Google Play, but it didn’t have the malware.

The other apps are part of the FakeTrade campaign. They bait victims into downloading supposed money-earning apps that claim to increase income through referrals and top-ups, but prevent users from withdrawing their money when they try to do so.

CherryBlos has been found to have a connection to these apps. They were available in different Google Play regions such as Indonesia, Malaysia, Mexico, Philippines, Uganda, and Vietnam, but have now been deleted. Here are their names:

  • AMA
  • BBShop
  • Canyon
  • Domo
  • Envoy
  • Fair
  • FIRETOSS
  • Gobuy
  • GoDo
  • Goshop
  • Huge
  • Koofire
  • Leefire
  • Moshop
  • NtBuy
  • Onefire
  • Papaya
  • Saya
  • Smartz
  • Upwork
  • WebFx
  • Youtech

If you made the mistake of downloading any of these apps on your phone, delete them immediately. In the future, only download apps from trusted places and sources and also check out the reviews to ensure there are no red flags.
