Cherryblos

Malware updated 4 days ago (2024-11-29T14:18:40.914Z)
CherryBlos is malware that primarily targets Android devices, with the objective of stealing cryptocurrency data. It was discovered in July 2023, when researchers found users unknowingly installing the crypto-stealing malware via the Google Play Store, often immediately after downloading a cryptocurrency mining application known as SynthNet. The cybercriminals behind CherryBlos disguised the malware as this legitimate app, deceiving users into unintentionally compromising their own security.

The distinctive and alarming aspect of CherryBlos is its use of optical character recognition (OCR), which enables it to extract sensitive information from pictures saved on the infected device. Specifically, it targets images that contain data related to the user's cryptocurrency wallets. By leveraging OCR, CherryBlos can access and steal this information, posing a significant threat to users' digital assets.

Given the serious threat posed by CherryBlos and similar malware such as FakeTrade, users are advised to exercise extreme caution when downloading apps, particularly those related to cryptocurrency. Users should also avoid sharing files or photos unless necessary and maintain robust password protection. Trend Micro, a global leader in cybersecurity solutions, has identified several malicious Android apps containing CherryBlos malware, highlighting the importance of using trusted sources for app downloads.
Description last updated: 2024-05-04T19:22:53.359Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Faketrade is a possible alias for Cherryblos. FakeTrade is a malicious software, or malware, that was first identified in 2021. It infiltrates Android devices through fraudulent money-earning apps uploaded on Google Play, and has been primarily linked with the app “com.mramyr.myrapp.” The malware was named "FakeTrade" due to its association wit
Votes: 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Android
Phishing
Scams