Google banned these apps for duping people out of money so you must delete them

1comment
Google banned these apps for duping people out of money so you must delete them
Every now and then, shady Android apps make their way to the Google Play store. Others are hosted on third-party sites and seem harmless. Thankfully, we can count on security experts like Trend Micro Research to keep an eye out for malicious apps. The threat analysis firm has found dozens of new apps that you must delete immediately if you have them on your phone.

Trend Micro Research has found two Android malware families that are targeting users of cryptocurrency and finance apps.

The first is CherryBlos and it is being spread through promotion on social media, directing users to phishing websites that make them download malicious apps. It is capable of stealing crypto credentials and changing the address that's used during the withdrawal process.

The malware uses a commercial packer with advanced protection capabilities called Jiagubao to avoid being detected. It prompts users to grant accessibility permissions and follows anti-kill techniques such as ignoring battery optimization. It also sends the user back to the home screen when they enter the app's settings, presumably to avoid being uninstalled.

In all, four apps with CherryBlos malware were found and they were hosted on different websites:



The mode of attack is that a fake interface is displayed when a user launches an official app in order to steal credentials. The withdrawn amount is sent to the attacker-controlled address. The malware uses OCR to identify potential mnemonic phrases. An app called Synthnet made by the same developer was found on Google Play, but it didn't have the malware. 

The other apps are a part of the FakeTrade campaign and they bait victims into downloading supposed money-earning apps that claim to increase income through referrals and top-ups but prevent users from withdrawing their money when they try to do so. 

Recommended Stories

CherryBlos has been found to have a connection to these apps and they were available in different Google Play regions such as Indonesia, Malaysia, Mexico, Philippines, Uganda, and Vietnam but have now been deleted. Here are their names: 

  • AMA
  • BBShop
  • Canyon
  • Domo
  • Envoy
  • Fair
  • FIRETOSS
  • Gobuy
  • GoDo
  • Goshop
  • Huge
  • Koofire
  • Leefire
  • Moshop
  • NtBuy
  • Onefire
  • Papaya
  • Saya
  • Smartz
  • Upwork
  • WebFx
  • Youtech

If you made the mistake of downloading any of these apps on your phone, delete them immediately. In the future, only download apps from trusted places and sources and also check out the reviews to ensure there are no red flags.

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless