In spite of the commitment of Google to preserve its app store, it seems, cybercriminals still manage to infiltrate it.
Thanks to the cyber security company Trend MicroIndeed, two new types of malware have been identified Android are Google Playthat is to say CherryBlos e FakeTrade. The report, shown to the public by Bleeping Computershows how these malicious agents are not only spreading via stores, but also through social media, specially made fake sites or more structured campaigns phishing.
In these contexts, outside of Google Play, special ones are run file APK compromises. What are these malware really and how do they work?
Cherry Blos is a crypto-stealer which leverages Accessibility service permissions to fetch configuration files from the C2 server, automatically approves additional permissions, and prevents users from detecting and deleting the malicious app.
According to experts, the malware would have begun its spread through files with the APK extension last April. The main channels exploited in this regard are, in addition to Google Play, Telegram, Twitter e YouTube. In this regard, it must be said that this malicious agent was promptly identified and blocked on the Google store.
CherryBlos and FakeTrade: the malware that rages on Google Play
As for FakeTrade, we are talking about a malware that would involve more than 30 fraudulent apps. These seem to use all the network infrastructure adopted with CherryBlos, which suggests that the author of both threats is the same.
The apps are touted as useful in the context of shopping or earning money but once activated, they proposition harassing advertisements and not only. According to recorded data, in some cases the victim subscribes to services premium (with related costs) or go to attack directly i cryptocurrency wallets.
To avoid threats such as CherryBlos and FakeTrade, it is vitally important to tread carefully, even in a theoretically safe environment such as Google Play.
Adopting a great antiviruscombined with a password manager, can help any user to have a basic strategy capable of greatly limiting the dangers. Keep apps and operating system up to date, then further raise the overall level of security.