Two new Android malware families, CherryBlos and FakeTrade, were spotted on Google Play. Both are designed to steal cryptocurrency-related information and money or to run scams. Trend Micro uncovered the new malware strains and found that they shared the same network infrastructure and certificates, indicating that the same threat actors were responsible for their creation.
The malicious apps spread through a number of avenues, including Google Play, phishing websites, social media, and shady shopping apps. The first instance of CherryBlos malware distribution was observed in April 2023, in the form of an APK (Android package) file advertised on Telegram, Twitter, and YouTube as an AI tool or a cryptocurrency miner.