How to defend against CherryBlos and protect your passwords

A person using an Android phone.
(Image credit: Nord Security)

Enterprises, meet CherryBlos: the malware that plunders your passwords from pictures. Earlier this year, researchers uncovered this new species of malware, which can extract passwords and other sensitive information from images alone.

In an era marked by the embrace of Bring Your Own Device (BYOD), the infiltration of compromised devices into corporate networks is now disturbingly effortless. This case serves as a stark reminder that as new technologies surface, so do innovative threats. For enterprise leaders, Android management strategies must be improved to effectively counter this growing menace.

A new breed of threat: CherryBlos and beyond

A recent report by cybersecurity firm Trend Micro reveals that the operators behind the campaign used a multi-platform approach to distribute their malicious software. On popular platforms such as Telegram, TikTok, and X, the threat actors ran ads directing unsuspecting victims to phishing sites hosting the fraudulent applications.

Notably, Trend Micro's investigation unearthed at least four Android apps carrying the CherryBlos malware, including GPTalk, Happy Miner, and Robot99. The fourth, named SynthNet, was even listed on the Google Play Store. Google has since removed it from the Play Store, but the fact that it reached the store camouflaged as a legitimate application underscores how easily such threats slip past users. Once installed, CherryBlos steals information in two ways.

First, the malware deploys "fake overlays." This tactic involves the creation of counterfeit interfaces that superimpose themselves on authentic banking apps or cryptocurrency wallets, effectively siphoning user credentials.

Second, and even more concerning, CherryBlos leverages optical character recognition to scan images and extract data from them. In essence, should you have screenshots of passwords or sensitive information stored in your device gallery, CherryBlos possesses the ability to read and share this information.

Unfortunately, CherryBlos isn’t an isolated incident. Its sibling malware, FakeTrade, further underscores this unsettling trajectory. The collective emergence of these threats emphasizes a strategic shift towards image-based data exploitation. This change in tactics emphasizes the urgent need for a multi-faceted defense strategy that encompasses not only traditional cybersecurity measures but also tailored Android management solutions.


The crucial role of Android management

In the modern workplace, no endpoint is an island. Compromised devices represent a potential gateway for cyber threats to infiltrate corporate networks. Herein lies the paramount significance of Android management solutions. In this sense, Google’s Android Enterprise program emerges as a formidable ally. This comprehensive suite of tools and services empowers businesses to seamlessly oversee Android devices and applications, streamlining management and security for both personal and corporate-owned Android devices.

For instance, the implementation of app allowlisting is an essential feature to mitigate the risk of suspicious and malicious apps such as SynthNet. By restricting users to install only pre-approved applications, businesses can ensure that employees only access trusted, secure apps.

Another initiative by Google – Android Enterprise Recommended – also gives businesses a fair idea of which devices and tools will fit their requirements. Devices carrying Google's badge must offer additional security features such as automatic security patch management, data encryption, and remote device wiping.

Although businesses have the option to experiment with Android Enterprise without immediately necessitating a third-party endpoint management solution, the complexity arising from the diverse array of Android and other endpoints within a corporate environment often makes the latter a more convenient choice for administrators.

How to get BYOD right

The rise of the BYOD culture is revolutionizing the way we work, offering flexibility and efficiency. While it brings significant advantages, including heightened productivity, reduced IT costs, and a more agile workforce, it simultaneously introduces a host of unique challenges, particularly in the context of malware intrusions.

Personal devices, which often run under less stringent security protocols, are fertile ground for insidious malware. Consequently, introducing one of these compromised devices into a corporate network, knowingly or unknowingly, becomes a perilously simple matter.

To safeguard against these risks, businesses must revise their policy for BYOD. Fortunately, through Android Enterprise, Google makes it possible to add such robustness in the form of work profiles. A work profile acts as an independent container that stores corporate data separately, thereby ensuring employee privacy while maintaining security.
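The following Android Management API policy fragment is an added illustration, not part of the original article and not taken from Hexnode's or Google's own documentation. It shows how the app allowlisting described earlier and the work-profile separation described above can be expressed together in a single policy. The field names are my reading of the public Android Management API policy schema; the package names are made up for the example, and the exact enum values and the presence of the cross-profile settings are assumptions that should be checked against the current API reference before use.

```json
{
  "playStoreMode": "WHITELIST",
  "applications": [
    { "packageName": "com.example.corp.mail", "installType": "FORCE_INSTALLED" },
    { "packageName": "com.example.corp.vpn",  "installType": "AVAILABLE" }
  ],
  "advancedSecurityOverrides": {
    "untrustedAppsPolicy": "DISALLOW_INSTALL"
  },
  "screenCaptureDisabled": true,
  "crossProfilePolicies": {
    "crossProfileCopyPaste": "COPY_FROM_WORK_TO_PERSONAL_DISALLOWED",
    "crossProfileDataSharing": "DATA_SHARING_FROM_WORK_TO_PERSONAL_DISALLOWED"
  }
}
```

Read from the top: `playStoreMode` set to `WHITELIST` means only the packages listed under `applications` can be installed from managed Google Play, so an unvetted app such as SynthNet is never offered to the user; `untrustedAppsPolicy` blocks sideloading from unknown sources; `screenCaptureDisabled` stops screenshots of work apps from landing in the device gallery in the first place, which removes the very material CherryBlos's OCR component looks for; and the two `crossProfilePolicies` entries keep work data from being copied or shared into the personal side of the device, where a personal app is the likely point of compromise. Applied through a work-profile enrollment, this governs only the corporate container; it does not scan or clean the personal side, which is where a mobile threat defense tool, as discussed below, still has a role.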

Finally, enterprises must deploy advanced security measures to stop malware in its tracks. Endpoint security tools such as mobile threat defense solutions are an essential part of any Android security architecture. Although akin to traditional anti-virus solutions, these tools extend to a new level by acting as vigilant sentinels, offering threat detection, prevention, and response on mobile devices.

The emergence of CherryBlos and its image-based data exploitation capabilities highlights the need for a comprehensive cybersecurity approach in the Android ecosystem. It's not just about protecting individual devices – it's about safeguarding corporate networks, user privacy, and sensitive data from these evolving threats. The responsibility is clear for enterprise leaders striving to adapt to the ever-changing cybersecurity landscape: stay vigilant, stay informed, and stay secure.


Apu Pavithran is the founder and CEO of Hexnode.