OCR Malware: The Cryptocurrency Heist from Image Secrets

Get your popcorn ready, little investigators, for an exciting Android adventure is about to begin! Consider this: two new Android malware families called 'CherryBlos' and 'FakeTrade' are rampaging through Google Play, attempting to steal Bitcoin credentials and commit fraud. It's like the final battle between bad hackers and virtual wallet guards!

The digital defenders, Trend Micro, detected both malware gangs lurking on the same dark network infrastructure. What a wicked tag team! From social media ploys to misleading shopping applications, these bad men utilize creative techniques to spread their digital evil. It's a storyline straight out of an espionage film but with cell phones and Bitcoin at risk!


CherryBlos, the cunning Bitcoin thief, comes first. It uses Accessibility service rights to retrieve secret files from the malicious C2 server while preventing users from removing the trojanized program. There's no way out, no way out - it's like Batman is stuck in the Joker's fiendish maze!

But wait, there's more to this cryptocurrency heist! CherryBlos employs deceptive user interfaces to deceive people into disclosing their holy passwords. It's similar to a magician's illusion; only the virtual money vanishes into thin air! The true show-stopper is CherryBlos' OCR capability, a high-tech optical character recognition tool capable of decoding recovery words from images. It's like combining James Bond's gadgetry with Harry Potter's magical charms!

Imagine this: brave crypto users jotting down their precious recovery phrases on their devices. Oh, the audacity! While it's like putting treasure maps in a dragon's lair, some people can't stop themselves from photographing their crypto secrets. But don't worry, our smart adversary CherryBlos will be able to extract those sentences and grab the wealth! It's like something out of "Ocean's Eleven"!

But wait, it gets much more sinister! CherryBlos takes over the Binance app's clipboard, switching crypto recipient addresses with the attacker's, keeping the user in the dark. It's like a Houdini-worthy sleight-of-hand trick!

And just when you thought the spectacle was finished, the FakeTrade campaign, CherryBlos' deceiving cousin, comes. It has 31 fraud applications under its belt and preys on unsuspecting consumers by promising virtual incentives. Think of it as a virtual carnival with rigged games and no escape for the players!

Google, our hero, comes to the rescue, deleting the evil applications from Google Play. Hooray! However, the harm may have already been done, and infected devices may require thorough remediation. It's almost like a digital exorcism to drive away malicious spirits!

So, beware of the digital battlefield, where OCR software hides in the shadows and crypto criminals scheme their heists. Keep your virtual wallets secure, and remember that in this ever-changing cyber world, it's important to keep one step ahead! Stay watchful till next time, and may the force of strong passwords and security habits be with you!

Read next: The Alarming State of Email Security Worldwide
Previous Post Next Post