Trend Micro finds 2 new types of malware on Google Play Store! Is it on your phone? Delete now
Trend Micro has found two new types of Android malware called CherryBlos and FakeTrade on the Google Play Store.
Cybercriminals are constantly evolving their tactics to stay ahead of cybersecurity measures, much to the despair of innocent smartphone users. This makes it crucial for users and businesses to stay vigilant and adopt robust security measures, because if they don't, they stand to lose their valuable data and money to hackers.
Cybersecurity company Trend Micro has found two new types of Android malware called CherryBlos and FakeTrade on the Google Play Store, according to a report by BleepingComputer. But these harmful apps are not limited to the Play Store; they are also spreading through social media and fake websites in the form of APK files that people can install.
The harmful apps utilize different ways to spread, such as social media, phishing sites, and deceptive shopping apps on Google Play, which is the official app store for Android.
CherryBlos is a cryptocurrency stealer that exploits Accessibility service permissions to fetch configuration files from its command-and-control (C2) server, auto-approves additional permissions, and stops users from detecting and deleting the malicious app.
In a recent blog post, Trend Micro mentioned that they noticed the CherryBlos malware being spread as an APK in April of this year. The malware was being advertised on Telegram, Twitter, and YouTube as a cryptocurrency mining app called SynthNet, claiming to be powered by AI. It was also available on the Play Store, but luckily, Google removed it after only a few thousand downloads.
FakeTrade campaign
Trend Micro analysts also discovered a concerning campaign named "FakeTrade" on the Google Play Store. In this campaign, 31 fraudulent apps were identified, all referred to as "FakeTrade," which used the same C2 network infrastructure and certificates as the previously identified CherryBlos apps. These deceitful apps use shopping-related themes and money-making offers to deceive users. The tactics involve tricking users into watching ads, subscribing to premium services, or adding funds to their in-app wallets, while ultimately preventing them from cashing out the promised virtual rewards.
How to stay safe from malware?
Using a top-notch password manager is a secure way to store all your passwords in a single place without the need to remember each one individually. You only need to recall the master password for the password manager. To protect your Android device from malware, consider installing an Android antivirus app. These apps scan both your current apps and any new downloads for viruses. While Google Play Protect offers similar protection and comes pre-installed on most Android phones, paid Android antivirus apps often provide additional features like a VPN or a password manager.
According to a statement given to BleepingComputer by Google, the malware-infected apps mentioned have been successfully removed from Google Play. Google emphasized its commitment to addressing security and privacy concerns and taking necessary actions against policy violations.
Despite the removal, the situation remains concerning as numerous users have already downloaded the malicious apps, possibly necessitating manual clean-ups on affected devices. So, check whether these are on your phone and delete them promptly.