How to defend against CherryBlos and protect your passwords
Businesses, meet CherryBlos: the malware that steals your passwords from images. Earlier this year, researchers discovered this new strain of malware that can extract passwords and sensitive information from images alone.
In an era defined by the embrace of Bring Your Own Device (BYOD), the infiltration of compromised devices into corporate networks is now disturbingly effortless. This case is a stark reminder that as new technologies emerge, so do innovative threats. For business leaders, Android management strategies need to be improved to effectively counter this growing threat.
A new kind of threat: CherryBlos and more
A recent report from cybersecurity firm Trend Micro revealed that the operators behind the malware campaign used a multi-platform approach to spread their malicious software. Using popular platforms such as Telegram, TikTok, and
Notably, Trend Micro’s investigation uncovered at least four of these nefarious Android apps containing the CherryBlos malware, including GPTalk, Happy Miner, and Robot99. However, the fourth, called Synthnet, is even in the Google Play Store. Google has since moved quickly to remove it from the Play Store, prioritizing user safety and security. Nevertheless, the infiltration of the Google Play Store, camouflaged as a legitimate application, underlines this point. Once downloaded, CherryBlos steals information in two ways.
First, the malware uses ‘fake overlays’. This tactic involves creating counterfeit interfaces that place themselves on authentic banking apps or cryptocurrency wallets, effectively siphoning user data.
Second, and more worryingly, CherryBlos uses optical character recognition to scan images and extract data from them. If you have saved screenshots of passwords or sensitive information in your device’s gallery, CherryBlos has the ability to read and share this information.
Unfortunately, CherryBlos is not an isolated incident. The related malware, FakeTrade, further underlines this disturbing trajectory. The collective emergence of these threats highlights a strategic shift toward image-based data exploitation. This change in tactics highlights the urgent need for a multifaceted defense strategy that includes not only traditional cybersecurity measures, but also customized Android management solutions.
Founder and CEO of Hexnode.
The crucial role of Android management
In the modern workplace, no endpoint is an island. Compromised devices provide a potential gateway for cyber threats to infiltrate corporate networks. Herein lies the utmost importance of Android management solutions. In this sense, Google’s Android Enterprise program is emerging as a formidable ally. This comprehensive suite of tools and services allows businesses to seamlessly monitor Android devices and applications, streamlining the management and security of both personal and proprietary Android devices.
For example, implementing app allowlisting is an essential part of mitigating the risk of suspicious and malicious apps like SynthNet. By restricting users from installing only pre-approved applications, companies can ensure that employees only have access to trusted, secure apps.
Another Google initiative – Android Enterprise Rated – also gives companies a good idea of which devices and tools will meet their needs. These devices that adopt the Google badge should have additional security features such as automatic security patch management, data encryption, and remote device wipe.
While enterprises have the opportunity to experiment with Android Enterprise without immediately needing a third-party endpoint management solution, the complexity that comes from the diverse set of Android and other endpoints within an enterprise environment often makes the latter a more convenient choice for administrators.
How to tackle BYOD the right way
The rise of BYOD culture is revolutionizing the way we work, offering flexibility and efficiency. While it brings significant benefits, including higher productivity, lower IT costs and a more flexible workforce, it simultaneously introduces a host of unique challenges, especially in the context of malware intrusions.
Personal devices, due to their often less stringent security protocols, therefore prove to be a fertile breeding ground for insidious malware. As a result, the inadvertent introduction of these compromised devices into a corporate network, whether consciously or unconsciously, becomes a dangerously simple undertaking.
To protect against these risks, companies should review their BYOD policies. Fortunately, Google makes it possible to add such robustness in the form of work profiles through Android Enterprise. A work profile acts as an independent container that stores corporate data separately, ensuring employee privacy and maintaining security.
Finally, companies must implement advanced security measures to stop malware. Endpoint security tools, such as mobile threat defense solutions, are an essential part of any Android security architecture. While similar to traditional antivirus solutions, these tools take it to a new level by acting as vigilant sentinels, offering detection, prevention, and response to threats on mobile devices.
The rise of CherryBlos and its image-based data exploitation capabilities highlight the need for a comprehensive cybersecurity approach in the Android ecosystem. It’s not just about protecting individual devices – it’s about protecting corporate networks, user privacy and sensitive data from these evolving threats. The responsibility is clear for business leaders as they strive to adapt to the ever-changing cybersecurity narrative: stay vigilant, stay informed, and stay safe.
We have listed the best Mobile Device Management solutions.