New Android malware uses OCR to steal credentials from images
Two new Android malware families named 'CherryBlos' and 'FakeTrade' were discovered on Google Play, aiming to steal cryptocurrency credentials and funds or conduct scams.

The new malware strains were discovered by Trend Micro, which observed both using the same network infrastructure and certificates, indicating the same threat actors created them.

The malicious apps use various distribution channels, including social media, phishing sites, and deceitful shopping apps on Google Play, Android's official app store.

CherryBlos malware

CherryBlos malware was seen distributed for the first time in April 2023, in the form of an APK (Android package) file promoted on Telegram, Twitter, and YouTube, under the guise of AI tools or coin miners.

The names used for the malicious APKs are GPTalk, Happy Miner, Robot999, and SynthNet, downloaded from the following websites with matching domain names:

chatgptc[.]io
happyminer[.]com
robot999[.]net
sy