Up next
Author

ANDROID owners have been warned over two new strains of malware that are stealing people’s passwords via 31 different apps.

These malicious apps aren’t exclusive to the Google Play Store, as they’re also being distributed on social media, such as YouTube, Twitter, and Telegram.

If you have one of these apps on your phone, you must delete it manually - or your passwords will be at risk, if they haven't been stolen already

1

If you have one of these apps on your phone, you must delete it manually – or your passwords will be at risk, if they haven’t been stolen alreadyCredit: Getty Images

The two new Android malware families are named CherryBlos and FakeTrade, and were discovered on the Google Play Store by cybersecurity firm Trend Micro. 

According to Trend Micro, the CherryBlos malware has been around since April.

The pair have been injected inside tens of apps, masquerading as shopping and money-making apps, as well as ones that are impersonating real-life businesses and ChatGPT.

Luckily, the apps have only been downloaded a few thousand times combined, before they were removed by Google. 

I'm a security expert – 3 of the 'worst cellphone mistakes' could cost you
I’m a tech expert – check phone for 6 mistakes that let creepy stranger watch you

However, if you have one of these apps on your phone, you must delete it manually – or your passwords will be at risk, if they haven’t been stolen already.

CherryBlos employs a number of different tactics to steal passwords, according to TrendMicro.

The main technique is to use fake overlays which appear on top of legitimate banking and crypto apps.

So instead of typing in details to access their accounts, victims are unknowingly plugging in their passwords and sending them straight to fraudsters.

Most read in Phones & Gadgets

Hackers are also using optical character recognition (OCR) – the technology used in PDF editors – to steal passwords from screenshots in victims’ photo albums.

Here’s the list of all of the 28 scam apps distributing the Faketrade malware:

  1. Ama
  2. BBShop
  3. Canyon
  4. Compass
  5. Domo
  6. Envoy
  7. Fiar
  8. FIRETOSS
  9. Gobuy
  10. Godo
  11. Goshop
  12. Huge
  13. Koofire
  14. Leefire
  15. Moshop
  16. NTBuy
  17. OneFire
  18. Papaya
  19. Pudding
  20. Saya
  21. Sengre
  22. Smartz
  23. Tango
  24. Timeshop
  25. Tinuiti
  26. Upwork 
  27. WebFX
  28. Youtech

Here are the apps carrying the CherryBlos malware:

  1. GPTalk
  2. Happy Miner
  3. Robot 999
  4. SynthNet

Best Phone and Gadget tips and hacks

Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…

We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]

This post first appeared on Thesun.co.uk

You May Also Like

The Twitter Whistleblower’s Testimony Has Senators Out for Blood

Many of Silicon Valley’s fiercest watchdogs on Capitol Hill are now snarling.…

Pickup truck-sized ASTEROID came less than 250 miles from hitting Earth, Nasa reveals

AN ASTEROID the size of a pick-up truck has just skirted within…

iPhone 14 could be made from titanium and be more resistant to scratches and allow it to bend

Rumors about Apple’s upcoming iPhone 13 model are running rampant, but one…

NASA’s $981 million Lucy asteroid mission to launch tomorrow

NASA‘s Lucy spacecraft is all set to launch tomorrow morning, kicking off…