Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Laptop
Laptop
Technology
Jason England

These 2 new types of Android malware steal your cryptocurrency — delete them now

Hacker stealing money from phone

If you have an Android phone, your crypto wallet is regularly at risk from bad actors with fake apps that steal your information. Two new malware families have been discovered — named ‘CherryBios’ and ‘FakeTrade.’

They were both on Google Play for a while, and being widely shared across social media and fake websites. Here is a little more about how they work, but please make sure you delete them immediately, and keep that wallet safe.

Popping the Cherry (Bios)

(Image credit: Shutterstock)

Discovered by Trend Micro, these two new Android malware families have one goal in mind: steal your cryptocurrency details to conduct scams or nab your funds. 

CherryBios has been distributed since April 2023, and is commonly found across social media, disguised as an AI tool or coin miner. To access your cryptocurrency funds, it manipulates your Accessibility service permissions to gain access to configuration files from the C2 server — a backdoor that can be used to automatically grant permissions without any user interaction.

With that, the user isn’t able to kill the app’s process of taking your crypto credentials. More concerning is the fact it also uses OCR (optical character recognition) to extract any text from images saved on your device. So if you screenshot your recovery phrase for your cryptocurrency wallet, that’s not safe when CherryBios is around!

FakeTrade is a separate campaign that uses the same nefarious means, but seems to be a little more widespread, given that 31 fraudulent apps were identified. These are posted like shopping-related programs or money-making offers to trick people into downloading them.

Outlook

Luckily, Google confirmed the CherryBios malware-infected apps have been removed from the Play Store. But there is still a cause for concern here, given that the APK is being spread through social media and fake websites.

If you’re worried about these malicious APKs, check whether you downloaded from the following websites:

  • chatgptc[.]io
  • happyminer[.]com
  • robot999[.]net
  • Synthnet[.]ai

And as we always say, check your phone and delete them promptly if you have them. Either that or stay away from unofficial APKs from websites, and stick to the Play Store. It may take Google a little bit to remove malicious apps, but it’s a far more reliable place than going outside the system.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.