Beware of the New Android Malware Called BlackRock As It Targets Data From Over 300 Apps!
A new malware targeting Android devices has begun circulating after it emerged from the criminal underworld. It has a ton of malicious capabilities that allow it to steal data from a worrying 337 applications.
This malware strain is named BlackRock, and it was first found by the mobile security firm ThreatFabric in May of 2020.
What Is The Android Malware BlackRock?
Security researchers claim that the malware's code is based on the leaked source code of another malware strain named Xerxes, which was itself based on other malware strains. However, it has been upgraded with more features, most of which focus on stealing people's credit card information and account credentials.
If you've heard of an Android banking trojan, then BlackRock works like most of them. But this particular strain infects more apps than a majority of the strains before it.
This trojan aims to take usernames and passwords wherever possible, but it also gets victims to input their payment card information if the app they're using handles financial transactions, such as shopping or banking apps.
According to ThreatFabric, the data collection technique that the trojan uses takes advantage of overlays. When a user attempts to interact with an official app, the trojan displays a fake window as an overlay that collects the information that the victim enters into it, like card information and login credentials. The trojan then pushes that information through to the official app as if nothing happened.
A report from ZDNet stated that ThreatFabric's researchers found that most of BlackRock's overlays are designed to phish financial, social media, messaging, and communication apps. But there are also overlays for phishing data from news, lifestyle, productivity, dating, and shopping apps. If you want to find out what apps were targeted, you can see the BlackRock report's full list.
What Does BlackRock Do?
BlackRock isn't unique in the way that it displays its overlays. Within the code, BlackRock works like most malware these days, and it takes advantage of techniques that have been used for a long time.
When BlackRock makes its way onto a device, a malicious app infected with the trojan will ask the user to give access to the device's Accessibility feature, which is one of the most advanced features of the Android operating system. It can be used to perform taps without the user having to touch the screen, and it can automate numerous tasks.
The trojan uses the Accessibility feature to get access to several other permissions on the device. It then uses an Android device policy controller, a work profile, to gain admin privileges to the device.
This process is how BlackRock gets to show its overlays. Still, ThreatFabric states that it can do many other malicious operations, which include reading and sending text messages, logging keystrokes, starting specific apps, showing custom notifications, infecting antivirus apps, and much more.
As of this article's writing, the BlackRock malware is being distributed under the guise of being a Google update package. It is currently found on third-party sites, and the trojan hasn't found its way onto the official Play Store. But hackers have found a way to bypass the app review process before, which means BlackRock might appear in the Play Store soon.
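The chain described above (an Accessibility grant, then device-admin rights, in an app installed from outside the Play Store) can be checked for on a device over adb. The following is an added example, not code from ThreatFabric or from this article; the sample command output and the com.example.* package names are constructed, and the dumpsys layout varies by Android version.

```python
import re

# Constructed sample output (not from a real device) of three adb commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i     (-3 = third-party apps, -i = installer)
#   adb shell dumpsys device_policy      (layout varies by Android version)
ACCESSIBILITY = ("com.google.android.marvin.talkback/.TalkBackService:"
                 "com.example.googleupdate/com.example.googleupdate.Svc")
PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.googleupdate  installer=null
package:com.example.mdm  installer=com.android.vending
"""
DEVICE_POLICY = """\
Enabled Device Admins (User 0, provisioningState: 0):
  com.example.googleupdate/.AdminReceiver:
  com.example.mdm/.Receiver:
"""
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend for your fleet
COMPONENT = re.compile(r"([A-Za-z0-9_.]+)/[A-Za-z0-9_.$]+")  # package/class

def accessibility_packages(setting):
    """Packages that own an enabled accessibility service."""
    if setting.strip() in ("", "null"):
        return set()
    return {c.split("/", 1)[0] for c in setting.strip().split(":") if "/" in c}

def installers(pm_output):
    """Map package name -> installer package (None when there is no installer)."""
    return {m.group(1): (None if m.group(2) == "null" else m.group(2))
            for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M)}

def audit(setting, pm_output, policy_dump):
    """Flag sideloaded packages that also hold accessibility or admin rights."""
    a11y = accessibility_packages(setting)
    admins = {m.group(1) for m in COMPONENT.finditer(policy_dump)}
    findings = {}
    for pkg, src in installers(pm_output).items():
        checks = (("accessibility", pkg in a11y),
                  ("device_admin", pkg in admins),
                  ("sideloaded", src not in TRUSTED_INSTALLERS))
        traits = [name for name, hit in checks if hit]
        if "sideloaded" in traits and len(traits) > 1:
            findings[pkg] = traits
    return findings

if __name__ == "__main__":
    for pkg, traits in audit(ACCESSIBILITY, PACKAGES, DEVICE_POLICY).items():
        print(f"REVIEW {pkg}: {', '.join(traits)}")
```

A Play-installed screen reader or MDM agent passes this check; only the package that combines an unknown install source with elevated rights is listed for review.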
[BLOG] New Android banking #Trojan based on the infamous LokiBot that includes overlays for widely used dating, social, communication, crypto and financial apps. https://t.co/MARQO11BXv #Malware is on the rise, but we have mobile #ThreatIntel #MTI — ThreatFabric (@ThreatFabric) July 16, 2020