Geek Dashboard

How-To's, Smartphones, News and Reviews

  • Home
  • News
  • Smartphones
    • Android
    • iOS
  • Computers
    • Windows
    • macOS
  • Internet
  • Reviews
You are at Home » News

Beware: BlackRock Malware Can Steal Your Passwords and Credit Card Details From Android Apps

Last Updated on July 18, 2020 by Rahul Rawat Leave a Comment

Security researchers have found a new Android Malware that targets a list of social, communication, and dating apps. The malware is called BlackRock and is a banking Trojan. It steals users’ data such as password, credit card details. Despite being a banking trojan the malware also targets non-financial apps.

The malware is advanced and uses an Android DPC (device policy controller) in order to provide access to other permissions. Once allowed the Accessibility feature, it can steal login and credit card details from some of the popular apps such as Gmail, Amazon, Netflix, Uber and more.

BlackRock Malware
Image Credit: ThreatFabric

The BlackRock Malware

The malware functions just like any other malware, i.e, steal user’s data. According to researchers at ThreatFabric, the malware is based on the leaked source code of another malware strain Xerxes. The Xerxes malware is a known strain of the LokiBot Android trojan. The BlackRock is enhanced with more features and advanced which can steal passwords and even credit card details.

Also Read: How can you Avoid Penalties and High Interest on Credit Card Debts with Personal Loans

How BlackRock Works?

According to the research, the malware steals login credentials including username and password. Further, it sends a prompt to users to enter credit card details.

Once installed, the app asks for the phone’s Accessibility feature. Then, it uses the Accessibility feature to grant itself access to other Android permissions such as camera, microphone, location, and others. Further, it uses an Android DPC for access to admin.

The trojan collects data through the ‘overlay’ technique. If you don’t know, the overlay technique detects when a user interacts with an app and places a fake window on top that asks for login and credit card details before the user enters in a legitimate app.

Overlay page
Image Credit: ThreatFabric

Researchers have found that malware can also perform other instructive operations like:

  1. Intercept SMS messages.
  2. Perform SMS floods.
  3. Spam contacts with predefined SMS.
  4. Start specific apps.
  5. Log key taps (keylogger functionality).
  6. Show custom push notifications.
  7. Sabotage mobile antivirus apps, and more

Targeted Apps

The list of 266 targeted apps specifically for BlackRock’s credential theft includes e-commerce apps, social media apps, OTT apps, and others. Some of the popular apps that are targeted are Amazon, Google Play Services, Gmail, Microsoft Outlook, and Netflix. Similarly, there are 111 credit card theft target apps that include popular apps such as Facebook, Instagram, Skype, Twitter, and WhatsApp.

Android malware has found new ways to bypass Google’s app review process. Recently, Google removed 11 apps from the play store infected with Joker malware. Both malware has passed Google’s review system, and we hope Google would update its review system to stop malware and viruses.

#Android#BlackRock#Internet Security#malware
Posted inNews

Spread the Word!

Avatar for Rahul Rawat

Rahul Rawat Facebook Twitter

Rahul loves writing about technology and gadgets. He likes playing games in his free time and he wishes to convert his 6.85 Billion 8ball pool coins into real money.

Related articles

Mobiles

11 Classic Childhood Games for Android and iOS to Recall your Memories

classic games for our smartphone
News

Realme 5 Pro Specs Leaked; Will Go Official on August 20 in India

News

iQOO Z3 5G Launched with Snapdragon 768G SoC and Triple Cameras

iQOO Z3 Colors

Comment Policy:

The comments section is aimed to help our readers in case of any questions or you can even appreciate us for our hard work. Every comment is strictly moderated before approving it.

Your name and comment will be visible to the public. Never share your personal information in the comments section.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Over 1,30,286+ Followers

Join to get latest updates from Geek Dashboard

Facebook Twitter Telegram Pinterest YouTube Instagram

Recently Published

  1. Tecno Spark Go (2023) Launched with MediaTek Helio A22 SoC and Dual Cameras in India

  2. Creating Social Media Visuals: 9 Tips, Tricks, and Tools

  3. Hum to Search: 5 Best Music Recognition Apps to Find a Song by Humming

  4. Fire-Boltt Talk Ultra With Bluetooth Calling and 123 Sport Modes Launched in India

  5. Wikolo Super App: Bringing Countless Benefits for Students

Geek Dashboard Placeholder

Download the apps and never miss a story from us

We put a lot effort and resources in writing our articles and we believe it is our responsibility to satisfy your tech hunger. We will keep you filled forever!

  • Get Geek Dashboard App from Google Play
  • Get Geek Dashboard App from Chrome Web Store
Geek Dashboard Logo

At Geek Dashboard, we are dedicated to bringing you the latest and greatest in technology news, reviews, and how-to guides. From smartphones to laptops, and everything in between, we've got you covered.

Got a Tip? Write In tip@geekdashboard.com

© 2012 - 2023 · Geek Dashboard, product of ikva eSolutions

Blog Advertise About Jobs Contact Privacy Policy Write For Us T&C Office Setup

No dogs were injured while working on this website because we love them