Great Moto G Stylus deal on Amazon!

Google banned these apps for duping people out of money so you must delete them

By
1comment
Android
Researchers and victims explain why you must delete these malicious Android apps
Every now and then, shady Android apps make their way to the Google Play store. Others are hosted on third-party sites and seem harmless. Thankfully, we can count on security experts like Trend Micro Research to keep an eye out for malicious apps. The threat analysis firm has found dozens of new apps that you must delete immediately if you have them on your phone.

Trend Micro Research has found two Android malware families that are targeting users of cryptocurrency and finance apps.

The first is CherryBlos and it is being spread through promotion on social media, directing users to phishing websites that make them download malicious apps. It is capable of stealing crypto credentials and changing the address that's used during the withdrawal process.

The malware uses a commercial packer with advanced protection capabilities called Jiagubao to avoid being detected. It prompts users to grant accessibility permissions and follows anti-kill techniques such as ignoring battery optimization. It also sends the user back to the home screen when they enter the app's settings, presumably to avoid being uninstalled.

In all, four apps with CherryBlos malware were found and they were hosted on different websites:

LabelPhishing domain
GPTalkchatgptc[.]io
Happy Minerhappyminer[.]com
Robot 999robot999[.]net
SynthNetsynthnet[.]ai


The mode of attack is that a fake interface is displayed when a user launches an official app in order to steal credentials. The withdrawn amount is sent to the attacker-controlled address. The malware uses OCR to identify potential mnemonic phrases. An app called Synthnet made by the same developer was found on Google Play, but it didn't have the malware. 

Recommended Stories
The other apps are a part of the FakeTrade campaign and they bait victims into downloading supposed money-earning apps that claim to increase income through referrals and top-ups but prevent users from withdrawing their money when they try to do so. 


CherryBlos has been found to have a connection to these apps and they were available in different Google Play regions such as Indonesia, Malaysia, Mexico, Philippines, Uganda, and Vietnam but have now been deleted. Here are their names: 

  • AMA
  • BBShop
  • Canyon
  • Domo
  • Envoy
  • Fair
  • FIRETOSS
  • Gobuy
  • GoDo
  • Goshop
  • Huge
  • Koofire
  • Leefire
  • Moshop
  • NtBuy
  • Onefire
  • Papaya
  • Saya
  • Smartz
  • Upwork
  • WebFx
  • Youtech

If you made the mistake of downloading any of these apps on your phone, delete them immediately. In the future, only download apps from trusted places and sources and also check out the reviews to ensure there are no red flags.
https://m-cdn.phonearena.com/images/users/270-200/Anam.jpg
Anam Hamid Mobile Tech News and Deals Journalist
Anam Hamid is a computer scientist turned tech journalist who has a keen interest in the tech world, with a particular focus on smartphones and tablets. She has previously written for Android Headlines and has also been a ghostwriter for several tech and car publications. Anam is not a tech hoarder and believes in using her gadgets for as long as possible. She is concerned about smartphone addiction and its impact on future generations, but she also appreciates the convenience that phones have brought into our lives. Anam is excited about technological advancements like folding screens and under-display sensors, and she often wonders about the future of technology. She values the overall experience of a device more than its individual specs and admires companies that deliver durable, high-quality products. In her free time, Anam enjoys reading, scrolling through Reddit and Instagram, and occasionally refreshing her programming skills through tutorials.

Recommended Stories

Loading Comments...

Popular stories

Next time you contact T-Mobile, you'll probably be assisted by an employee with 'superpowers'
Next time you contact T-Mobile, you'll probably be assisted by an employee with 'superpowers'
Verizon customers need to be on red alert as a phishing campaign aims to steal their money
Verizon customers need to be on red alert as a phishing campaign aims to steal their money
Apple warns iPhone users about overnight iPhone charging
Apple warns iPhone users about overnight iPhone charging
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
T-Mobile is now going to dictate where you can use its 5G internet
T-Mobile is now going to dictate where you can use its 5G internet
Why in the world would I pay top dollar for the Galaxy S24 Ultra if it gets left behind by Samsung?
Why in the world would I pay top dollar for the Galaxy S24 Ultra if it gets left behind by Samsung?

Latest News

The way you handle your iPhone apps could be hurting battery life and performance
The way you handle your iPhone apps could be hurting battery life and performance
HTC could launch another mid-range smartphone this summer
HTC could launch another mid-range smartphone this summer
Keyboard apps used by one billion users found to have a flaw that exposes keystrokes
Keyboard apps used by one billion users found to have a flaw that exposes keystrokes
Major leak reveals images, video, release date of Apple's new Beats Solo Buds and Beats Solo 4
Major leak reveals images, video, release date of Apple's new Beats Solo Buds and Beats Solo 4
OnePlus Nord 4 and Nord CE4 Lite key specs leaked
OnePlus Nord 4 and Nord CE4 Lite key specs leaked
Apple removes three apps from App Store that claimed in ads they could create AI porn
Apple removes three apps from App Store that claimed in ads they could create AI porn
FCC OKs Cingular\'s purchase of AT&T Wireless