BlackRock: The New Android Malware that Targets More Apps Than Ever Before


A new Android malware has become a nightmare for over 2.5 billion Android smartphone users worldwide. The new banking malware has surfaced in the Android ecosystem with a longer list of target apps, the ability to gain admin privileges on an Android device, and the stealth to bypass a slew of antivirus services.

This bot was discovered by cybersecurity research firm ThreatFabric back in May, which is presumably around the time the threat emerged. Named BlackRock by its discoverers, the Android malware is based on the source code of Xerxes, a banking malware from 2019 derived from LokiBot, which is well known as the code base for other strains of similar trojans.

BlackRock Android Malware: Google Update

BlackRock infects Android smartphones by posing as Google updates that ask for permission to observe one’s device actions and retrieve window content.

Android malware targeting banking apps
Source: ThreatFabric

Targeted Android smartphone users do not suspect that the update alert is malware in disguise, because BlackRock hides itself from the app drawer.

Once the initial permissions are acquired, the bot grants itself the other permissions it requires, such as the ability to view text messages, lock the screen, and hide notifications. After device accessibility is obtained, the software starts receiving commands from a C2 server.
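The behaviour described above (a user-installed app that holds an accessibility service and shows no launcher icon) can be turned into a simple triage check. The following is an added example, not code from ThreatFabric or from this article; the package names and sample outputs are constructed, and the set of launcher-visible packages is an assumed input collected separately.

```python
"""Triage heuristic: user-installed apps holding an accessibility service,
ranked by whether they also hide from the launcher. Sample data is constructed."""

# Value of: adb shell settings get secure enabled_accessibility_services
ENABLED_A11Y = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.gupdate/com.example.gupdate.UpdateService:"
    "com.example.passwordmanager/com.example.passwordmanager.FillService"
)

# Output of: adb shell pm list packages -3   (user-installed packages only)
THIRD_PARTY = """\
package:com.example.gupdate
package:com.example.passwordmanager
package:com.example.game
"""

# Assumed input: packages that expose a launcher icon, collected separately.
LAUNCHER_PACKAGES = {"com.example.passwordmanager", "com.example.game"}


def parse_accessibility_services(value):
    """Return package names from a colon-separated 'pkg/service' list."""
    value = value.strip()
    if not value or value == "null":  # setting unset or empty
        return set()
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}


def parse_package_list(text):
    """Return package names from 'package:<name>' lines."""
    prefix = "package:"
    return {line.strip()[len(prefix):] for line in text.splitlines()
            if line.strip().startswith(prefix)}


def triage(a11y_value, pm_output, launcher_packages):
    """Rank user-installed apps that hold an enabled accessibility service."""
    holders = parse_accessibility_services(a11y_value) & parse_package_list(pm_output)
    findings = []
    for pkg in sorted(holders):
        # Accessibility access with no launcher icon matches the behaviour above.
        level = "review" if pkg in launcher_packages else "high"
        findings.append((pkg, level))
    return findings


if __name__ == "__main__":
    for pkg, level in triage(ENABLED_A11Y, THIRD_PARTY, LAUNCHER_PACKAGES):
        print(f"{level:6} {pkg}")
```

A "high" result is a lead for manual review, not a verdict: legitimate tools can also run an accessibility service without a launcher icon.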

BlackRock Android Malware: Banking Apps at Risk

With the various coded commands it receives, BlackRock can perform all actions relevant to the theft of banking credentials such as reading messages, sending messages, keylogging, and overlaying.

Keylogging, or keystroke logging, refers to the tracking of all the keys a user presses on their keyboard. This feature is used to steal passwords and other sensitive information such as card numbers, account numbers, and the like.

Overlaying is a feature common to many banking malware families in which the bot keeps running in the foreground and steals information by displaying alerts that ask for credentials, ostensibly for security purposes.


Apart from these standard features, BlackRock also has two features that visibly stand out.

ThreatFabric reveals that infected devices get profiled by the malware, i.e., the malware gains access to the device’s work profile, which then grants it the ability to control or limit the usage of certain apps and permissions. This feature is usually used by device manufacturers to update and control device policies. It is also used by offices to ensure work-related apps do not interfere with other apps.

The second feature that stands out is the number of apps the Android malware targets. Apart from financial apps such as payment and banking apps, BlackRock also attacks communication, lifestyle, social media, and even dating apps. Business and shopping apps are also exploited. In total, the new trojan targets 337 apps including widely used ones such as WhatsApp, Telegram, TikTok, Tinder, Grindr, Messenger, Reddit, etc. A full list of the apps can be found here. These apps are mainly spied on to access financial information.

While most banking apps are specific to America and Europe, the additional apps are global in scale. Out of the total estimated number of BlackRock attacks, the most were in Spain.

Source: ThreatFabric

Lastly, BlackRock bypasses several anti-virus programs and device cleaners like Avast, McAfee, Kaspersky, and Superb Cleaner.

Banking Malware Seems to be on the Rise

ThreatFabric doesn’t know the scope of the harm BlackRock can inflict in the future, but a general trend for 2020 seems to be an emergence of increasingly sophisticated banking malware.

This is the third instance of a banking trojan being reported in July alone. The first came about in the second week of July, with Avast warning smartphone users against Cerberus, a bot that infects devices through apps on Google Play Store. Then, only 2 days ago, 4 Brazilian banking viruses launched worldwide.

Earlier this year, EventBot and Alien made headlines and put cybersecurity in peril.

The issue of malware is nothing new with Android. Unlike iOS, a number of issues, like fragmentation and vulnerability, have always made Android users a prime target of hackers and spammers. In May, another Android malware dubbed “WolfRAT” affected popular messaging apps, including Facebook Messenger, WhatsApp, and Line. In June 2016, more than 500 million Android devices were infected by another deadly malware.
