Android Malware Discovered on Google Play Store


July 31, 2023

Trend Micro, a cybersecurity research firm, has discovered two malware strains specifically designed for Android devices, with one variant capable of exfiltrating data from images and photographs.

Trend Micro published a report on its official website revealing the recent discovery of two malware families: CherryBlos and FakeTrade. Astonishingly, one found its way into Google Play, the official app store for Android devices.

The researchers identified the two malicious applications as orchestrated by the same threat actor, leveraging identical network infrastructure and certificates. These malware strains hid within various apps, including SynthNet, that made their way into Google Play. As per a report by BleepingComputer, this app had been downloaded approximately 1,000 times before it was purged from the store.


However, Google Play wasn’t the only distribution channel for these malicious apps. The culprits exploited widespread distribution strategies like social media platforms and phishing sites, advertising the apps on platforms like Telegram, Twitter, and YouTube as artificial intelligence tools or cryptocurrency miners. Among these apps were GPTalk, Happy Miner, and Robot999. If these are installed on your devices, immediate removal is advised.

Crypto-Stealing Android Malware Discovered on Google Play Store

The primary objective of these malware strains was to pilfer essential data from infected devices, including any cryptocurrencies stored in mobile wallets. The malware accomplished this by overlaying crypto apps with a transparent or deceptive user interface to trick users into giving away their credentials to the culprits. They also hijacked the clipboard to replace the user’s crypto wallet address with an address controlled by the attackers.

Another sophisticated method employed was Optical Character Recognition (OCR), a feature in many high-end smartphones that allows the device to interpret text from a photo or image. Miscreants leveraged OCR to scan the photo gallery for useful images and exfiltrate the data to their command-and-control (C2) servers.
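The two paragraphs above describe three capabilities a wallet-stealing app needs: drawing an overlay on top of another app, reading the photo gallery, and sending what it finds to a remote server. On Android each of these is gated by a declared permission, so a first triage step for a suspicious APK is to extract its AndroidManifest.xml and check which of those capabilities it asks for. The script below is an added example written for this article, not Trend Micro's tooling; the two manifests it inspects are constructed, and the capability-to-permission table and the low/medium/high thresholds are the author's own choices, not a published standard.

```python
"""Flag AndroidManifest.xml permission combinations that enable overlay, gallery
and exfiltration behaviour. Added example; manifests below are constructed."""
from __future__ import annotations

import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
PERMISSION_ATTR = f"{{{ANDROID_NS}}}permission"

# Capability -> permissions that grant it (any one of the set is enough).
# READ_EXTERNAL_STORAGE is the pre-Android-13 gallery permission, READ_MEDIA_IMAGES
# the Android 13+ one, so both are listed under the same capability.
CAPABILITIES = {
    "draw overlays on other apps": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "read the photo gallery": {
        "android.permission.READ_EXTERNAL_STORAGE",
        "android.permission.READ_MEDIA_IMAGES",
    },
    "observe or control other apps' UI": {"android.permission.BIND_ACCESSIBILITY_SERVICE"},
    "talk to a remote server": {"android.permission.INTERNET"},
}


def declared_permissions(manifest_xml: str) -> set[str]:
    """Collect every permission the manifest requests or binds a service to."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(NAME_ATTR) for el in root.iter("uses-permission")}
    # BIND_ACCESSIBILITY_SERVICE is declared on the <service>, not as <uses-permission>.
    for svc in root.iter("service"):
        perms.add(svc.get(PERMISSION_ATTR))
    return {p for p in perms if p}


def triage(manifest_xml: str) -> dict:
    """Return the matched capabilities and a coarse risk label (assumed thresholds)."""
    perms = declared_permissions(manifest_xml)
    found = {
        cap: sorted(perms & needed)
        for cap, needed in CAPABILITIES.items()
        if perms & needed
    }
    n = len(found)
    risk = "high" if n >= 3 else "medium" if n == 2 else "low"
    return {"capabilities": found, "risk": risk}


# Constructed manifest of an "AI chat" app that also wants overlays, the gallery
# and an accessibility service: the combination described in the article.
SUSPICIOUS_MANIFEST = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.aichat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
  <application>
    <service android:name=".Helper"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

# Constructed manifest of an ordinary network-only app for comparison.
BENIGN_MANIFEST = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.news">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""


if __name__ == "__main__":
    for label, m in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        result = triage(m)
        print(f"{label}: risk={result['risk']}")
        for cap, granted in result["capabilities"].items():
            print(f"  {cap}: {', '.join(granted)}")
```

The script only reads the manifest, so it runs on an APK's decoded `AndroidManifest.xml` (for example after `apktool d`) without executing the app. Clipboard hijacking is deliberately absent from the table: reading the clipboard in the foreground needs no permission, so it cannot be spotted this way and has to be found in the code or at runtime. A benign app can legitimately hold every one of these permissions, so the result is a triage priority, not a verdict.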

While the malefactors did not specifically target any region, victims were predominantly located in Malaysia, Vietnam, Indonesia, the Philippines, Uganda, and Mexico, per the researchers’ findings.

Given the global popularity of cryptocurrencies, especially Bitcoin and Ether, the imminent Bitcoin halving event has many investors hoarding these digital currencies in anticipation of the bull run that may follow. This situation leaves many individuals, particularly newcomers to the crypto market, susceptible to scams and cyber-attacks.

Saher Mahmood

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
