Security researchers have found a new Android Malware that targets a list of social, communication, and dating apps. The malware is called BlackRock and is a banking Trojan. It steals users’ data such as password, credit card details. Despite being a banking trojan the malware also targets non-financial apps.
The malware is advanced and uses an Android DPC (device policy controller) in order to provide access to other permissions. Once allowed the Accessibility feature, it can steal login and credit card details from some of the popular apps such as Gmail, Amazon, Netflix, Uber and more.
The BlackRock Malware
The malware functions just like any other malware, i.e, steal user’s data. According to researchers at ThreatFabric, the malware is based on the leaked source code of another malware strain Xerxes. The Xerxes malware is a known strain of the LokiBot Android trojan. The BlackRock is enhanced with more features and advanced which can steal passwords and even credit card details.
How BlackRock Works?
According to the research, the malware steals login credentials including username and password. Further, it sends a prompt to users to enter credit card details.
Once installed, the app asks for the phone’s Accessibility feature. Then, it uses the Accessibility feature to grant itself access to other Android permissions such as camera, microphone, location, and others. Further, it uses an Android DPC for access to admin.
The trojan collects data through the ‘overlay’ technique. If you don’t know, the overlay technique detects when a user interacts with an app and places a fake window on top that asks for login and credit card details before the user enters in a legitimate app.
Researchers have found that malware can also perform other instructive operations like:
- Intercept SMS messages.
- Perform SMS floods.
- Spam contacts with predefined SMS.
- Start specific apps.
- Log key taps (keylogger functionality).
- Show custom push notifications.
- Sabotage mobile antivirus apps, and more
The list of 266 targeted apps specifically for BlackRock’s credential theft includes e-commerce apps, social media apps, OTT apps, and others. Some of the popular apps that are targeted are Amazon, Google Play Services, Gmail, Microsoft Outlook, and Netflix. Similarly, there are 111 credit card theft target apps that include popular apps such as Facebook, Instagram, Skype, Twitter, and WhatsApp.
Android malware has found new ways to bypass Google’s app review process. Recently, Google removed 11 apps from the play store infected with Joker malware. Both malware has passed Google’s review system, and we hope Google would update its review system to stop malware and viruses.