Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns


Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users.

The first campaign leveraged popular social networking platforms to promote fraudulent services, with the advertisements pointing to phishing websites that trick users into downloading and installing malicious Android apps. The downloaded malware CherryBlos (AndroidOS_CherryBlos.GCL), named because of the unique string used in its hijacking framework, can steal cryptocurrency wallet-related credentials, and replace victims’ addresses while they make withdrawals.

Meanwhile, another campaign that employed several fraudulent money-earning apps — first uploaded to Google Play in 2021 — involved the FakeTrade (AndroidOS_FakeTrade.HRXB) malware. These apps claim to be e-commence platforms that promise increased income for users via referrals and top-ups. However, users will be unable withdraw their funds when they attempt to do so.

Read more…