Security News > 2023 > July > New Android Malware CherryBlos Utilizing OCR to Steal Sensitive Data
A new Android malware strain called CherryBlos has been observed making use of optical character recognition techniques to gather sensitive data stored in pictures.
Besides displaying fake overlays on top of legitimate crypto wallet apps to steal credentials and make fraudulent fund transfers to an attacker-controlled address, CherryBlos utilizes OCR to recognize potential mnemonic phrases from images and photos stored on the device, the results of which are periodically uploaded to a remote server.
Trend Micro said it also found an app developed by the CherryBlos threat actors on the Google Play Store but without the malware embedded into it.
It's no surprise that malware authors constantly seek new approaches to lure victims and steal sensitive data in the ever-evolving cyber threat landscape.
Google, last year, began taking steps to curb the misuse of accessibility APIs by rogue Android apps to covertly gather information from compromised devices by blocking sideloaded apps from using accessibility features altogether.
New research published this week found that a surveillance app called SpyHide is stealthily collecting private phone data from nearly 60,000 Android devices around the world since at least 2016.
News URL
https://thehackernews.com/2023/07/new-android-malware-cherryblos.html
Related news
- New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys (source)
- Android malware uses NFC to steal money at ATMs (source)
- New NGate Android malware uses NFC chip to steal credit card data (source)
- Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC) (source)
- New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards (source)
- SpyAgent Android malware steals your crypto recovery phrases from images (source)
- Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide (source)
- New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram (source)
- New Vo1d malware infects 1.3 million Android TV streaming boxes (source)
- New Vo1d malware infects 1.3 million Android streaming boxes (source)