These harmful apps utilize different ways to spread onto users' phones, such as social media, phishing sites, and deceptive shopping apps on Google Play Store. (Unsplash)

Alert: Two New Malware Variants Discovered on Google Play Store – Check Your Device and Remove Immediately

Innocent smartphone users are increasingly frustrated as cybercriminals continuously adapt their strategies to outsmart cybersecurity measures. As a result, it is imperative for both individuals and businesses to remain alert and implement strong security measures. Failing to do so could result in the loss of valuable data and financial resources to hackers.

Cybersecurity company Trend Micro has discovered two new Android malware named CherryBlos and FakeTrade in the Google Play Store, according to a report by BleepingComputer. But these malicious apps are not limited to the Play Store; they also spread on social media and fake websites as APK files that people can install.

Malicious apps use various methods of spreading, including social media, phishing sites, and fraudulent shopping apps on Google Play, the official Android app store.

CherryBlos

CherryBlos is a cryptocurrency thief that exploits Accessibility permissions to retrieve configuration files from the C2 server, automatically accept additional permissions, and prevent users from detecting and removing this malicious application.

In a recent blog post, Trend Micro mentioned that they noticed the CherryBlos malware spreading as an APK in April of this year. The malware was advertised on Telegram, Twitter and YouTube as a cryptocurrency mining app called SynthNet, which was allegedly powered by artificial intelligence. It was also available on the Play Store, but thankfully Google removed it after only a few thousand downloads.

Fake Trade campaign

Trend Micro analysts also discovered a disturbing campaign called “FakeTrade” on the Google Play Store. This campaign identified 31 fraudulent applications, all referred to as “FakeTrade”, using identical C2 network infrastructures and certificates to the previously identified CherryBlos applications. These fraudulent apps use shopping themes and money-making offers to trick users. The tactic involves tricking users into viewing ads, subscribing to premium services, or adding funds to their in-app wallets, but ultimately preventing them from redeeming the promised virtual rewards.

How to protect yourself from malware?

Using a state-of-the-art password manager is a secure way to store all your passwords in one place without having to remember them individually. You just need to remember the master password of the password manager. Protect your Android device from malware by installing Android antivirus apps. These apps will scan both your current apps and any new downloads for viruses. While Google Play Protect offers similar protection and comes pre-installed on most Android phones, paid Android antivirus apps often offer additional features such as VPN or password management for added benefits.

According to Google’s statement to BleepingComputer, the said malware-infected apps have been successfully removed from Google Play. Google emphasized that it is committed to addressing security and privacy concerns and taking appropriate action against policy violations.

Despite the removal, the situation remains worrisome, as several users have already downloaded the malicious apps, which may require manual cleaning on problematic devices. So check if they are on your phone and remove them immediately.