New Android malware uses OCR to steal credentials from images (Security News, July 2023)
Two new Android malware families named 'CherryBlos' and 'FakeTrade' were discovered on Google Play, aiming to steal cryptocurrency credentials and funds or conduct scams.
The malicious apps use various distribution channels, including social media, phishing sites, and deceitful shopping apps on Google Play, Android's official app store.
CherryBlos uses a range of tactics to steal cryptocurrency credentials and assets, with the main tactic being to load fake user interfaces that mimic official apps to phish for credentials.
Trend Micro analysts found connections to a campaign on Google Play, where 31 scam apps collectively called "FakeTrade" were using the same C2 network infrastructure and certificates as the CherryBlos apps.
Google told BleepingComputer that the reported malware apps had been removed from Google Play.