BlackRock: The New Android Malware that Targets More Apps Than Ever Before

A new Android malware has become a nightmare for over 2.5 billion Android smartphone users worldwide. The new banking malware has surfaced in the Android ecosystem with a longer list of target apps, the ability to gain admin privileges on an Android device, and the stealth to bypass a slew of antivirus services.

This bot was discovered by cybersecurity research firm ThreatFabric back in May, which is presumably around the time the threat emerged. Named BlackRock by its discoverers, the Android virus is based on the source code of Xerxes, a banking malware from 2019 derived from LokiBot, a malware well known as the base code for other strains of similar trojans.

BlackRock Android Malware: Google Update

BlackRock infects Android smartphones by posing as Google updates that ask for permission to observe one’s device actions and retrieve window content.

Android malware targeting banking apps
Source: ThreatFabric

The targeted Android smartphone users do not suspect that the update alert is malware in disguise, because BlackRock hides itself from the app drawer.

Once the initial permissions are acquired, the bot enables other accessibility permissions it requires by itself, such as the ability to view text messages, lock the screen, and hide notifications. After device accessibility is obtained, the software starts receiving commands from a C2 server.
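A defender can triage a device for the pattern described above: a third-party app that holds an accessibility service and shows no launcher icon. The following is an added example, not code from the article or from ThreatFabric; all package names are constructed, and the set of packages with a launcher icon is assumed to have been collected separately.

```python
# Added triage example; every package name below is constructed.

# Format of: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakeupdate/.UpdateService:"
    "com.example.screenreader/.ReaderService"
)
# Format of: adb shell pm list packages -3   (third-party packages only)
SAMPLE_THIRD_PARTY = """package:com.example.fakeupdate
package:com.example.notes
package:com.example.screenreader
"""
# Assumption: packages that show a launcher icon, collected separately.
SAMPLE_LAUNCHABLE = {"com.example.notes", "com.example.screenreader"}


def parse_a11y_services(raw):
    """Map package -> enabled service components (colon-separated setting)."""
    services = {}
    raw = raw.strip()
    if not raw or raw == "null":  # the setting prints "null" when unset
        return services
    for comp in (c.strip() for c in raw.split(":")):
        pkg, sep, _cls = comp.partition("/")
        if sep and pkg:
            services.setdefault(pkg, []).append(comp)
    return services


def parse_packages(raw):
    """Extract package names from 'package:<name>' lines."""
    return {l.split(":", 1)[1].strip() for l in raw.splitlines()
            if l.startswith("package:")}


def triage(a11y_raw, third_party_raw, launchable):
    """Flag third-party apps holding an accessibility service; hidden ones first."""
    a11y = parse_a11y_services(a11y_raw)
    findings = []
    for pkg in sorted(parse_packages(third_party_raw) & set(a11y)):
        hidden = pkg not in launchable
        findings.append({"package": pkg, "services": a11y[pkg],
                         "priority": "high" if hidden else "review"})
    return sorted(findings, key=lambda f: f["priority"] != "high")


if __name__ == "__main__":
    for f in triage(SAMPLE_A11Y, SAMPLE_THIRD_PARTY, SAMPLE_LAUNCHABLE):
        print(f["priority"], f["package"], f["services"])
```

A "review" result is not a verdict: legitimate assistive apps also hold accessibility services, which is why the hidden-icon signal is used to rank findings rather than to filter them.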

BlackRock Android Malware: Banking Apps at Risk

With the various coded commands it receives, BlackRock can perform all actions relevant to the theft of banking credentials such as reading messages, sending messages, keylogging, and overlaying.

Keylogging, or keystroke logging, refers to the tracking of all the keys a user presses on their keyboard. This feature is used to steal passwords and other sensitive information such as card numbers, account numbers, and the like.

Overlaying is a feature common to many banking malware families in which the bot keeps running in the foreground and steals information by displaying alerts that ask for credentials, supposedly for security purposes.

Apart from these standard features, BlackRock also has two features that visibly stand out.

ThreatFabric reveals that infected devices get profiled by the malware, i.e., the malware gains access to the device’s work profile, which then grants it the ability to control or limit the usage of certain apps and permissions. This feature is usually used by device manufacturing companies to update and control device policies. It is also used by offices to ensure work-related apps do not interfere with other apps.

The second feature that stands out is the number of apps the Android malware targets. Apart from financial apps such as payment and banking apps, BlackRock also attacks communication, lifestyle, social media, and even dating apps. Business and shopping apps are also exploited. In total, the new trojan targets 337 apps including widely used ones such as WhatsApp, Telegram, TikTok, Tinder, Grindr, Messenger, Reddit, etc. A full list of the apps can be found here. These apps are mainly spied on to access financial information.

While most banking apps are specific to America and Europe, the additional apps are global in scale. Out of the total estimated number of BlackRock attacks, the most were in Spain.

Source: ThreatFabric

Lastly, BlackRock bypasses several anti-virus programs and device cleaners like Avast, McAfee, Kaspersky, and Superb Cleaner.

Banking Malware Seems to be on the Rise

ThreatFabric doesn’t know the scope of the harm BlackRock can inflict in the future, but a general trend for 2020 seems to be an emergence of increasingly sophisticated banking malware.

This is the third instance of a banking trojan being reported in July alone. The first came about in the second week of July, with Avast warning smartphone users against Cerberus, a bot that infects devices through apps on Google Play Store. Then, only 2 days ago, 4 Brazilian banking viruses launched worldwide.

Earlier this year, EventBot and Alien made headlines and put cybersecurity in peril.

The issue of malware is nothing new with Android. Unlike iOS, a number of issues, like fragmentation and vulnerability, have always made Android users a prime target of hackers and spammers. In May, another Android malware dubbed “WolfRAT” affected popular messaging apps, including Facebook Messenger, WhatsApp, and Line. In June 2016, more than 500 million Android devices were infected by another deadly malware.
