Beware: Android Malware Steals Credentials via OCR and Screenshots
Originally Published 2 years ago — by BleepingComputer
Two new Android malware families, CherryBlos and FakeTrade, have been discovered on Google Play. CherryBlos is a cryptocurrency stealer that uses various tactics, including loading fake user interfaces and employing OCR to extract text from images, to steal cryptocurrency credentials and assets. It also acts as a clipboard hijacker for the Binance app, redirecting payments to the attackers' wallets. FakeTrade consists of 31 scam apps that trick users into watching ads, agreeing to premium subscriptions, or topping up in-app wallets without allowing them to cash out. Google has removed the reported malware apps from Google Play, but manual clean-ups may be necessary for infected devices.