BlackRock: The New Android Malware that Targets More Apps Than Ever Before

A new Android malware has become a nightmare for over 2.5 billion Android smartphone users worldwide. The new banking malware has surfaced in the Android ecosystem with a longer list of target apps, the ability to gain admin privileges on an Android device, and the stealth to bypass a slew of antivirus services.

This bot was discovered by cybersecurity research firm ThreatFabric back in May, which is presumably around the time the threat emerged. Named BlackRock by its discoverers, the Android virus is based on Xerxes’ source code, a banking malware from 2019 derived from LokiBot, a malware famously known for being the base code for more strains of similar trojans.

BlackRock Android Malware: Google Update

BlackRock infects Android smartphones by posing as Google updates that ask for permission to observe one’s device actions and retrieve window content.

Android malware targeting banking apps
Source: ThreatFabric

The targeted Android smartphone users do not suspect that the update alert is malware in disguise, because BlackRock hides itself from the app drawer.

Once the initial permissions are acquired, the bot enables by itself the other permissions it requires, such as the ability to view text messages, lock the screen, and hide notifications. After device accessibility is obtained, the software starts receiving commands from a C2 server.
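The traits described above (an enabled accessibility service, no app-drawer icon, a Google-themed label on a sideloaded app, SMS access, device admin rights) can be combined into a triage heuristic for a device's app inventory. This is an added example, not code from ThreatFabric or the original article; the inventory fields, package names and threshold are assumptions constructed for illustration.

```python
# Added example: field names, threshold and sample data are assumptions.
from collections import namedtuple

App = namedtuple(
    "App", "package label installer launcher_icon permissions device_admin system")
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.SEND_SMS",
             "android.permission.RECEIVE_SMS"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

def accessibility_packages(setting):
    """Packages in the colon-separated 'pkg/service' accessibility setting."""
    if not setting or setting == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in setting.split(":") if entry}

def indicators(app, a11y_pkgs):
    """BlackRock-like traits, as listed in the article, that one app shows."""
    hits = []
    if app.package in a11y_pkgs:
        hits.append("accessibility-service")
    if not app.launcher_icon:
        hits.append("hidden-from-drawer")
    if "google" in app.label.lower() and app.installer not in TRUSTED_INSTALLERS:
        hits.append("google-lookalike")
    if app.permissions & SMS_PERMS:
        hits.append("sms-access")
    if app.device_admin:
        hits.append("device-admin")
    return hits

def triage(inventory, a11y_setting, threshold=3):
    """Flag non-system apps with an accessibility service and >= threshold hits."""
    a11y = accessibility_packages(a11y_setting)
    flagged = {}
    for app in inventory:
        hits = indicators(app, a11y)
        if not app.system and "accessibility-service" in hits and len(hits) >= threshold:
            flagged[app.package] = hits
    return flagged

# Constructed sample data (not real indicators of compromise).
A11Y = "com.example.reader/.ReaderService:com.example.updater/.Svc"
INVENTORY = [
    App("com.example.reader", "Screen Reader", "com.android.vending", True, set(), False, False),
    App("com.example.updater", "Google Update", None, False,
        {"android.permission.READ_SMS"}, True, False),
    App("com.example.chat", "Chat", "com.android.vending", True, {"android.permission.SEND_SMS"}, False, False),
]
```

On a real device the accessibility string is the value returned by `adb shell settings get secure enabled_accessibility_services`; calling `triage(INVENTORY, A11Y)` on the sample data flags only the constructed updater package.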

BlackRock Android Malware: Banking Apps at Risk

With the various coded commands it receives, BlackRock can perform all actions relevant to the theft of banking credentials such as reading messages, sending messages, keylogging, and overlaying.

Keylogging, or keystroke logging, refers to the tracking of all the keys a user presses on their keyboard. This feature is used to steal passwords and other sensitive information such as card numbers, account numbers, and the like.

Overlaying is a feature common to many banking malware families in which the bot in question keeps running in the foreground and steals information by showing alerts that ask for credentials, ostensibly for security purposes.

Apart from these standard features, BlackRock also has two features that visibly stand out.

ThreatFabric reveals that infected devices get profiled by the malware, i.e., the malware gains access to the device’s work profile, which then grants it the ability to control or limit the usage of certain apps and permissions. This feature is usually used by device manufacturing companies to update and control device policies. It is also used by offices to ensure work-related apps do not interfere with other apps.

The second feature that stands out is the number of apps the Android malware targets. Apart from financial apps such as payment and banking apps, BlackRock also attacks communication, lifestyle, social media, and even dating apps. Business and shopping apps are also exploited. In total, the new trojan targets 337 apps including widely used ones such as WhatsApp, Telegram, TikTok, Tinder, Grindr, Messenger, Reddit, etc. A full list of the apps can be found here. These apps are mainly spied on to access financial information.

While most banking apps are specific to America and Europe, the additional apps are global in scale. Out of the total estimated number of BlackRock attacks, the most were in Spain.

Source: ThreatFabric

Lastly, BlackRock bypasses several anti-virus programs and device cleaners like Avast, McAfee, Kaspersky, and Superb Cleaner.

Banking Malware Seems to be on the Rise

ThreatFabric doesn’t know the scope of the harm BlackRock can inflict in the future, but a general trend for 2020 seems to be an emergence of increasingly sophisticated banking malware.

This is the third instance of a banking trojan being reported in July alone. The first came about in the second week of July, with Avast warning smartphone users against Cerberus, a bot that infects devices through apps on Google Play Store. Then, only 2 days ago, 4 Brazilian banking viruses launched worldwide.

Earlier this year, EventBot and Alien made headlines and put cybersecurity in peril.

The issue of malware is nothing new with Android. Unlike iOS, a number of issues, like fragmentation and vulnerability, have always made Android users a prime target of hackers and spammers. In May, another Android malware dubbed “WolfRAT” affected popular messaging apps, including Facebook Messenger, WhatsApp, and Line. In June 2016, more than 500 million Android devices were infected by another deadly malware.
