BlackRock Malware steals data from 337 Android apps


Criminals continue to find new ways to try to steal data from our mobile devices, and the latest to appear is a new variety of Android malware capable of targeting 337 applications.

As ZDNet reports, the malware is called BlackRock and was discovered by security company ThreatFabric. BlackRock is not exactly new, but is derived from the leaked source code of the Xerxes malware, which is a strain of the banking Trojan LokiBot. What matters most about BlackRock is the sheer number of apps it can target in an attempt to steal data.

Once installed on a device, BlackRock monitors the device and detects when one of the legitimate apps it targets is opened. At that point, an “overlay” appears on the screen that looks like the legitimate app, but is actually fake. The user, none the wiser, enters their login and/or card details, and BlackRock sends them to a server while returning the user to the legitimate application.

BlackRock manages to gain root access by requesting accessibility service privileges when it is first installed. For now, it’s not on the Play Store and is infiltrating devices by being offered as a fake Google update on third-party stores. As ThreatFabric explains: “Once the user grants the requested Accessibility Service privilege, BlackRock begins by granting additional permissions. Those additional permissions are necessary for the bot to function fully without having to interact with the victim anymore. When done, the bot is functional and ready to receive commands from the C2 server and perform overlay attacks.”
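The infection pattern described above (a sideloaded app that holds Accessibility Service access) can be checked on a device from the output of two adb commands. The following is an added example, not code from the original article or from ThreatFabric; the package names in the sample data are constructed, and treating only the Play Store as a trusted installer is an assumption.

```python
# Added example: flag sideloaded apps that hold Accessibility Service access.
# Inputs are the text output of two adb commands (constructed samples below):
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Play Store is trusted

# Constructed sample data; the com.example.* package names are made up.
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakeupdate/.UpdateService"
)
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.fakeupdate  installer=null
package:com.example.notes  installer=null
"""

def parse_accessibility(setting):
    """Return the package names that have an enabled accessibility service."""
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    # Entries are colon-separated "package/ServiceClass" components.
    return {c.split("/", 1)[0] for c in setting.split(":") if c}

def parse_installers(listing):
    """Map package name -> installer package (None if sideloaded or unknown)."""
    installers = {}
    for line in listing.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        name, _, rest = line[len("package:"):].partition(" ")
        installer = rest.strip().partition("installer=")[2]
        installers[name] = None if installer in ("", "null") else installer
    return installers

def suspicious_accessibility_apps(setting, listing):
    """Packages with accessibility access that no trusted store installed."""
    installers = parse_installers(listing)
    return sorted(
        pkg for pkg in parse_accessibility(setting)
        if installers.get(pkg) not in TRUSTED_INSTALLERS
    )

if __name__ == "__main__":
    for pkg in suspicious_accessibility_apps(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print("review:", pkg)
```

Pre-installed system services also report no installer, so a flagged package is a prompt for manual review, not proof of infection.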

In addition to fake overlays, BlackRock is capable of logging keys, granting permissions, collecting and sending SMS, locking the screen, collecting device information, collecting notifications, detecting AV, and it can hide its app icon and prevent its own deletion. The applications targeted by the malware cover the usual financial and social applications, but it also casts its net wider to include the categories of books and references, business, communication, dating, entertainment, lifestyle, music and audio, news and magazines, tools, and video players and editors.

Clearly, BlackRock is a very strong variety of malware, but it’s not in the Google Play store yet, with the key word there being “yet.” ThreatFabric concludes that “we cannot yet predict how long BlackRock will be active in the threat landscape,” but continues, “The most important aspect to consider is securing online banking channels, which makes fraud difficult to perform and therefore discourages criminals from creating more malware.”
