The new Android malware BlackRock has found a way to bypass Google's app review process. The latest Android malware is being circulated in the guise of fake Google update packages distributed by third-party sites and steals credit card details from as many as 337 apps, including Gmail, Netflix, Amazon, Snapchat, Uber and many more.
Discovered by mobile security firm ThreatFabric, the latest Android malware has been upgraded with data theft capabilities. It is a banking Trojan that infects devices by luring users into downloading updates from unknown sources. Once installed on an Android device, BlackRock begins its work by monitoring for and detecting when one of its targeted legitimate apps is opened.
It then gains root access by asking for Accessibility Service privileges. Once the user grants this access, BlackRock starts the phishing by granting itself additional permissions. Those additional permissions are essential for the bot to act to its full abilities without the victim knowing about it. When this step is complete, the bot receives instructions from the C2 server to perform the overlay attacks. Let's look at 5 things you need to know about the Android malware BlackRock.
5 Things to Know About Android BlackRock Malware
- The latest Android malware BlackRock uses the 'overlay' method to trick users into entering their login credentials and card details before they can use the targeted app. To avoid falling for it, do not enter your details in windows that pop up while you are trying to log into an app.
- The BlackRock Android malware is based on the leaked source code of the Xerxes malware strain. But, unlike its predecessors, the latest Android BlackRock is an advanced malware with upgraded features that automatically steal critical details and passwords.
- BlackRock has the ability to target several Android apps. With its presence detected in 337 apps so far, the malware is now targeting productivity applications as well.
- Most of BlackRock's overlays are concentrated on phishing social media, financial and communication apps. Once installed on the device, BlackRock discreetly works to obtain the phone's Accessibility features by prompting the user to grant the relevant permissions. These Accessibility features play a pivotal role, as they can be used to automate and perform tasks on behalf of the user.
- BlackRock uses this to grant itself access to other Android permissions and uses the Android DPC (device policy controller) to get admin access and create overlays. This malware can log keystrokes, harvest SMS, send SMS, collect device information, lock screens remotely, hide app icons etc.
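Because the malware's foothold depends on an Accessibility Service the user was tricked into enabling, a practical defender check is to audit which accessibility services are enabled on a device and flag any that are not expected. The script below is an added example, not code from the article or from ThreatFabric. It parses the value of the real Android setting `enabled_accessibility_services` (readable with `adb shell settings get secure enabled_accessibility_services`, a colon-separated list of `package/ServiceClass` entries). The allowlist and the sample device output are constructed for this example, and the package name `com.example.fakeupdate` is a placeholder, not an indicator from the article.

```python
"""Audit enabled Android accessibility services against an allowlist.

Added example for illustration only. It parses the format used by the real
Android secure setting `enabled_accessibility_services`; the allowlist and the
sample output below are constructed, not taken from any real device or report.
"""
from __future__ import annotations

import subprocess
from dataclasses import dataclass

# Constructed allowlist: services a fleet administrator expects to see enabled.
# A real deployment would populate this from its own device inventory.
ALLOWED_ACCESSIBILITY_SERVICES = {
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService",
}

# Constructed sample output mimicking the settings value on a device where an
# unexpected sideloaded "update" package has enabled its own service.
SAMPLE_SETTINGS_OUTPUT = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakeupdate/.AccService\n"
)


@dataclass(frozen=True)
class Finding:
    package: str
    service: str
    reason: str


def parse_enabled_services(raw: str) -> list[tuple[str, str]]:
    """Split the settings value into (package, fully qualified service class) pairs.

    Android stores the value as "pkg/cls:pkg/cls". A class that starts with "."
    is shorthand for a class inside the package's own namespace, and the literal
    string "null" is returned when the setting has never been set.
    """
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    pairs: list[tuple[str, str]] = []
    for entry in raw.split(":"):
        if "/" not in entry:
            continue  # skip malformed fragments rather than crash the audit
        pkg, cls = entry.split("/", 1)
        if cls.startswith("."):
            cls = pkg + cls
        pairs.append((pkg, cls))
    return pairs


def audit_accessibility_services(
    raw: str, allowed: set[str] = ALLOWED_ACCESSIBILITY_SERVICES
) -> list[Finding]:
    """Return one Finding for every enabled service not on the allowlist."""
    findings = []
    for pkg, cls in parse_enabled_services(raw):
        if f"{pkg}/{cls}" not in allowed:
            findings.append(
                Finding(pkg, cls, "accessibility service enabled by non-allowlisted package")
            )
    return findings


def read_from_device() -> str:
    """Query a connected device over adb (requires adb on PATH and a device attached)."""
    return subprocess.run(
        ["adb", "shell", "settings", "get", "secure", "enabled_accessibility_services"],
        capture_output=True,
        text=True,
        check=True,
    ).stdout


if __name__ == "__main__":
    # Runs offline against the constructed sample; swap in read_from_device()
    # to audit a real handset.
    for finding in audit_accessibility_services(SAMPLE_SETTINGS_OUTPUT):
        print(f"ALERT {finding.package}: {finding.service} ({finding.reason})")
```

The check is deliberately allowlist-based: an unknown accessibility service is worth a look regardless of its name, since a malicious package can call its service anything it likes. Pairing this with a review of active device administrators (which BlackRock also abuses via the DPC route) gives a fuller picture, but that output is not parsed here.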
BlackRock can also perform the following intrusive operations:
- Intercept SMS messages
- Disrupt mobile antivirus apps
- Spam contacts with predefined SMS
- Execute SMS floods
- Start specific apps on its own
- Log key taps (keylogger functionality)
- Display custom push notifications
The only saving grace right now is that the BlackRock malware has not been found on the official Google Play store. Be cautious while browsing the affected platforms. Do not share or store credit card credentials on your mobile phone, and stay alert to this kind of theft.
Keep reading this space for more information!