Geek Dashboard Home
HomeNews

Beware: BlackRock Malware Can Steal Your Passwords and Credit Card Details From Android Apps

3 min read Leave a Comment

Security researchers have found a new Android Malware that targets a list of social, communication, and dating apps. The malware is called BlackRock and is a banking Trojan. It steals users’ data such as password, credit card details. Despite being a banking trojan the malware also targets non-financial apps.

The malware is advanced and uses an Android DPC (device policy controller) in order to provide access to other permissions. Once allowed the Accessibility feature, it can steal login and credit card details from some of the popular apps such as Gmail, Amazon, Netflix, Uber and more.

BlackRock Malware
Image Credit: ThreatFabric

The BlackRock Malware

The malware functions just like any other malware, i.e, steal user’s data. According to researchers at ThreatFabric, the malware is based on the leaked source code of another malware strain Xerxes. The Xerxes malware is a known strain of the LokiBot Android trojan. The BlackRock is enhanced with more features and advanced which can steal passwords and even credit card details.

Also Read: How can you Avoid Penalties and High Interest on Credit Card Debts with Personal Loans

How BlackRock Works?

According to the research, the malware steals login credentials including username and password. Further, it sends a prompt to users to enter credit card details.

Once installed, the app asks for the phone’s Accessibility feature. Then, it uses the Accessibility feature to grant itself access to other Android permissions such as camera, microphone, location, and others. Further, it uses an Android DPC for access to admin.

The trojan collects data through the ‘overlay’ technique. If you don’t know, the overlay technique detects when a user interacts with an app and places a fake window on top that asks for login and credit card details before the user enters in a legitimate app.

Overlay page
Image Credit: ThreatFabric

Researchers have found that malware can also perform other instructive operations like:

  1. Intercept SMS messages.
  2. Perform SMS floods.
  3. Spam contacts with predefined SMS.
  4. Start specific apps.
  5. Log key taps (keylogger functionality).
  6. Show custom push notifications.
  7. Sabotage mobile antivirus apps, and more

Targeted Apps

The list of 266 targeted apps specifically for BlackRock’s credential theft includes e-commerce apps, social media apps, OTT apps, and others. Some of the popular apps that are targeted are Amazon, Google Play Services, Gmail, Microsoft Outlook, and Netflix. Similarly, there are 111 credit card theft target apps that include popular apps such as Facebook, Instagram, Skype, Twitter, and WhatsApp.

Android malware has found new ways to bypass Google’s app review process. Recently, Google removed 11 apps from the play store infected with Joker malware. Both malware has passed Google’s review system, and we hope Google would update its review system to stop malware and viruses.

Be the Change!

Spread the word and help us create better tech content

Facebook Twitter Reddit WhatsApp Pinterest
Avatar for Rahul Rawat

Rahul Rawat

Facebook Twitter

Rahul loves writing about technology and gadgets. He likes playing games in his free time and he wishes to convert his 6.85 Billion 8ball pool coins into real money.

Read all 220 articles from Rahul

Leave a Reply

The comments section is to assist our readers with any inquiries. Each comment undergoes rigorous moderation before it can be approved for publication.Your name and comment will be publicly visible. Your email address will not be published.Required fields are marked