Security researchers have reportedly discovered malware that steals user data via optical character recognition.
This malware, known as CherryBlos and uncovered by security firm Trend Micro, has been embedded into at least four Android apps available outside of Google Play, particularly on sites promoting money-making scams, Ars Technica reported Friday (July 28).
According to the report, the malware contained a rare, if not totally new, feature that lets it capture mnemonic passphrases used to access accounts. When legitimate apps display passphrases on phones, the malware takes an image of the screen and uses optical character recognition (OCR) to translate the image into text and break into accounts.
“Once granted, CherryBlos will perform the following two tasks: Read pictures from the external storage and use OCR to extract text from these pictures [u]pload the OCR results to the C&C [command and control] server at regular intervals,” the researchers wrote.
The Ars Technical report notes that most banking and finance apps contain a setting that blocks screenshots during sensitive transactions. CherryBlos seems to be able to bypass these restrictions by using accessibility permissions for people with vision impairments or other types of disabilities.
The news came days after the U.S. Securities and Exchange Commission (SEC) adopted new rules requiring public and foreign private companies to disclose material cybersecurity incidents and to detail their risk management, strategy and governance on an annual basis.
“Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” SEC Chair Gary Gensler said in a news release last week. “Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable and decision-useful way.”
Meanwhile, recent research by PYMNTS finds that consumers want more smartphone security measures at work to protect their identities.
“Consumer Authentication Preferences for Online Banking and Transactions,” a PYMNTS and Entersekt collaboration, found that smartphones were the go-to choice for online financial transactions in the last months, with 7 in 10 consumers using them more often than other devices for sending or receiving funds.
“Thirty-eight percent of consumers would like their banks to require more visible security measures when a new device is used to access their bank accounts, and 37% said the same for online transactions involving large sums of money,” PYMNTS wrote.
In addition, 35% of consumers said they would like visible security measures when carrying out their first online transaction with a new retailer and when updating their personal banking info.