These 2 new types of Android malware steal your cryptocurrency — delete them now


If you have an Android phone, your crypto wallet is regularly at risk from bad actors pushing fake apps that steal your information. Two new malware families have been discovered, named ‘CherryBlos’ and ‘FakeTrade.’

Both were available on Google Play for a while and are still being widely shared across social media and fake websites. Here is a little more about how they work, but please make sure you delete them immediately and keep that wallet safe.

Popping the Cherry (Blos)


Discovered by Trend Micro, these two new Android malware families have one goal in mind: steal your cryptocurrency details to conduct scams or nab your funds. 

CherryBlos has been distributed since April 2023 and is commonly found across social media, disguised as an AI tool or coin miner. To reach your cryptocurrency funds, it abuses the Accessibility service permission: once granted, the malware fetches configuration files from its C2 server and uses the Accessibility service as a backdoor to grant itself further permissions automatically, without any user interaction.

With that foothold, the user is unable to kill the app’s process while it harvests your crypto credentials. More concerning is the fact that it also uses OCR (optical character recognition) to extract any text from images saved on your device. So if you screenshot your recovery phrase for your cryptocurrency wallet, that’s not safe when CherryBlos is around!
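A defender-side check for the pattern described above, added here as an example and not part of the original article or of Trend Micro's research: it flags any enabled Accessibility service whose package was not installed by Google Play, which is how a sideloaded APK abusing that permission would show up. It assumes the two `adb shell` commands named in the comments and their output formats; the sample output below is constructed.

```python
"""Audit enabled Android accessibility services against package installers.

Intended input (captured from a device with adb):
  adb shell settings get secure enabled_accessibility_services
  adb shell pm list packages -i
Both are embedded below as constructed sample strings so the check runs offline.
"""

# Constructed sample: two enabled services, one belonging to a sideloaded package.
ENABLED_SERVICES = (
    "com.android.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.miner/com.example.miner.AccessService"
)

# Constructed sample of `pm list packages -i` output ("installer=null" = sideloaded).
PM_LIST = """package:com.android.talkback  installer=com.android.vending
package:com.example.miner  installer=null
package:com.example.shop  installer=com.android.vending
"""

TRUSTED_INSTALLERS = {"com.android.vending"}  # package name of the Play Store


def parse_installers(pm_output: str) -> dict:
    """Map package name -> installer package name (None when sideloaded)."""
    result = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        pkg, _, rest = line[len("package:"):].partition(" ")
        installer = rest.strip().removeprefix("installer=")
        result[pkg] = None if installer in ("", "null") else installer
    return result


def parse_enabled_services(setting: str) -> list:
    """Split the colon-separated setting into package/service component names."""
    return [s for s in setting.split(":") if s]


def suspicious_services(setting: str, pm_output: str, trusted=TRUSTED_INSTALLERS) -> list:
    """Return enabled accessibility services whose package did not come from a trusted installer."""
    installers = parse_installers(pm_output)
    flagged = []
    for component in parse_enabled_services(setting):
        pkg = component.split("/", 1)[0]
        if installers.get(pkg) not in trusted:
            flagged.append(component)
    return flagged


if __name__ == "__main__":
    print(suspicious_services(ENABLED_SERVICES, PM_LIST))
```

A flagged entry is not proof of malware, but an Accessibility service from a package outside the Play Store is exactly what to review and, if unexpected, uninstall.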

FakeTrade is a separate campaign that uses the same nefarious means but seems to be a little more widespread, given that 31 fraudulent apps were identified. These are posed as shopping-related programs or money-making offers to trick people into downloading them.

Outlook

Luckily, Google confirmed that the CherryBlos-infected apps have been removed from the Play Store. But there is still cause for concern here, given that the APK is being spread through social media and fake websites.

If you’re worried about these malicious APKs, check whether you downloaded from the following websites:

  • chatgptc[.]io
  • happyminer[.]com
  • robot999[.]net
  • Synthnet[.]ai

And as we always say, check your phone and delete these apps promptly if you have them. Better still, stay away from unofficial APKs from websites and stick to the Play Store. It may take Google a little while to remove malicious apps, but it’s a far more reliable place than going outside the system.

Jason England
Content Editor

Jason brought a decade of tech and gaming journalism experience to his role as a writer at Laptop Mag, and he is now the Managing Editor of Computing at Tom's Guide. He takes a particular interest in writing articles and creating videos about laptops, headphones and games. He has previously written for Kotaku, Stuff and BBC Science Focus. In his spare time, you'll find Jason looking for good dogs to pet or thinking about eating pizza if he isn't already.