What is BlackRock Android Malware?
After 'Joker' which affected 24 apps on Google Play Store, a new malware, 'BlackRock', has been spotted on the Play Store and is stealing crucial information from 337 apps-- Facebook, Gmail, Amazon, Netflix, Tinder, Uber and more, about your bank account and other login credentials.
BlackRock Android Malware
ThreatFabric, a security firm, first alerted about a new malware, BlackRock. The malware is stealing crucial information about your bank account such as passwords, credit card details from various apps apart from online banking apps.
The malware is based on the leaked source code of the 'Xeres' banking malware, which is derived from 'LokiBot' banking malware. BlackRock can target more apps than previous malware.
How does the malware attack?
When the malware is first launched on the device, it appears as a fake notification pop-up and disappears from the app drawer. The malware then asks for accessibility permissions. Once the accessibility is granted, the app grants itself the rest of the administrator permissions to function without any hindrance. The malware uses the smartphone's accessibility feature and Android DPC (Device Policy Controller) for permissions.
Once the BlackRock malware is successfully installed on a smartphone, it monitors the targetted app. As soon as the user enters his bank credentials, the information is sent to the server.
The app can send and steal SMS, AV detection, keylogging, etc.
BlackRock Target Apps
BlackRock malware is derived from banking malware but is not limited to only banking apps. It also targets other apps ranging from Lifestyle, Music, News, etc. and steals the passwords and other information on the apps.
The researchers are of the view that BlackRock steals login credentials from 226 apps such as PayPal, Amazon, eBay, Gmail, Google Play, Uber, Yahoo Mail, Amazon, Netflix and more while the app steals bank details from 111 apps such as Facebook Messenger, Google Hangouts, Instagram, PlayStation, Reddit, Skype, TikTok, Twitter, WhatsApp, YouTube and more.
As per a blog post by ThreatFabric, 'The Trojan will redirect the victim to the HOME screen of the device if the victims try to start or use antivirus software as per a specific list including Avast, AVG, Bitdefender, ESET, Symantec, Trend Micro, Kaspersky, McAfee, Avira, and even applications to clean Android devices, such as TotalCommander, SD Maid or Superb Cleaner.'