How to defend against CherryBlos and protect your passwords
Enterprises, meet CherryBlos: the malware that plunders your passwords from pictures. Earlier this year, researchers uncovered this new species of malware, which can extract passwords and sensitive information from images alone.
In an era marked by the embrace of Bring Your Own Device (BYOD), the infiltration of compromised devices into corporate networks is now disturbingly effortless. This case serves as a stark reminder that as new technologies surface, so do innovative threats. For enterprise leaders, Android management strategies must be improved to effectively counter this growing menace.
A new breed of threat: CherryBlos and beyond
A recent report by cybersecurity firm Trend Micro revealed that the operators behind the malware campaign took a multi-platform approach to disseminating their malicious software. Using popular platforms such as Telegram, TikTok, and X, the threat actors displayed ads directing unsuspecting victims to phishing sites hosting these fraudulent applications.
Notably, Trend Micro’s investigation unearthed at least four of these nefarious Android apps bearing the CherryBlos malware, including GPTalk, Happy Miner, and Robot99. The fourth, named Synthnet, was even listed on the Google Play Store. Google has since taken swift action to remove it from the Play Store, prioritizing user safety and security. Nevertheless, its infiltration of the Google Play Store, camouflaged as a legitimate application, underscores how readily such malware can reach users’ devices. Once downloaded, CherryBlos steals information in two ways.
First, the malware deploys “fake overlays.” This tactic involves the creation of counterfeit interfaces that superimpose themselves on authentic banking apps or cryptocurrency wallets, effectively siphoning user credentials.
Second, and even more concerning, CherryBlos leverages optical character recognition to scan images and extract data from them. In essence, should you have screenshots of passwords or sensitive information stored in your device gallery, CherryBlos possesses the ability to read and share this information.
Unfortunately, CherryBlos isn’t an isolated incident. Its sibling malware, FakeTrade, further…