Faketrade

Malware updated a month ago (2024-11-29T14:26:30.035Z)

Download STIX

Preview STIX

FakeTrade is a malicious software, or malware, that was first identified in 2021. It infiltrates Android devices through fraudulent money-earning apps uploaded on Google Play, and has been primarily linked with the app “com.mramyr.myrapp.” The malware was named "FakeTrade" due to its association with scam apps that mimic e-commerce platforms. These apps promise users increased income through referrals and top-ups, but instead distribute the FakeTrade malware, which is designed to steal personal information such as cryptocurrency wallet data. The discovery of FakeTrade was part of a larger investigation into two related malware campaigns, both financially motivated and targeting Android users. One campaign involved a new strain of Android malware dubbed "CherryBlos," while the other centered around FakeTrade. Both campaigns were uncovered a month prior to the identification of the specific FakeTrade malware, and they have been linked due to their similar modus operandi and the concurrent timing of their activities. In total, researchers found approximately 31 fake Android apps distributing the FakeTrade malware. Most of these apps were designed for shopping or persuading users to complete various tasks to earn money or purchase app credits. The malware operators used these fake money-earning apps to mask their true purpose: to exploit and damage user devices, disrupt operations, and steal valuable personal data, including crypto wallet information.

Description last updated: 2024-05-04T19:22:54.042Z

What's your take? (Question 1 of 4)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Cherryblos is a possible alias for Faketrade. CherryBlos is a malicious software (malware) that primarily targets Android devices, with the primary objective of stealing cryptocurrency data. It was discovered in July 2023 when researchers found users unknowingly installing this crypto-stealing malware via the Google Play Store, often immediatel	3

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Android

Scams

Scam

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Faketrade Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
DARKReading	a year ago	'KandyKorn' macOS Malware Lures Crypto Engineers
Trend Micro	a year ago	Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns
CERT-EU	a year ago	New Android Malware Uses Optical Character Recognition to Steal Login Credentials
Checkpoint	a year ago	31st July – Threat Intelligence Report - Check Point Research
CERT-EU	a year ago	SpyNote Spyware Returns with SMS Phishing Against Banking Customers
CERT-EU	a year ago	FakeTrade Android Malware Attack Steals Crypto Wallet Data
CERT-EU	a year ago	CherryBlos Malware Uses OCR to Pluck Android Users' Cryptocurrency