OCR isn't the only advanced technique used by "CherryBlos" apps.
  • Margot Robbie@lemmy.worldOPMEnglish
    11·
    11 months ago

    A bunch of malicious crypto apps with hidden malware that overlays over legitimate crypto wallets to steal credentials. Technique looks very sophisticated based on the article’s breakdown.

    • kvothelu@lemmy.worldEnglish
      4·
      11 months ago

      you have to specifically give permission to overlay. I never give overlay permission even to most popular apps.

      • Margot Robbie@lemmy.worldOPMEnglish
        6·
        11 months ago

        It seems like they ask for accessibility permissions first, and exploits that to automatically click “accept” and grant itself other permissions, which I assume overlay is one of them.

        • ngwoo@lemmy.worldEnglish
          1·
          11 months ago

          This dumb shit is why Google keeps crippling the accessibility API more and more. Idiots need to stop clicking on stuff just because the app asks them to.