
Mobile security firm ThreatFabric discovered a new threat named BlackRock, which emerged in May 2020

Mobile security firm ThreatFabric discovered a new threat named BlackRock, which emerged in May 2020. This malware can steal data from at least 337 Android apps.

BlackRock was based on the leaked source code of another malware strain called Xerxes (Xerxes is itself based on other malware strains), and it has additional features that help steal passwords and credit card information.

BlackRock functions like other Android banking trojans, except that it can target more apps, 337 to be precise, than all its predecessors. It can steal login credentials and also prompt the victim to enter credit card details if the apps support financial transactions.

How does BlackRock malware work?

  • The malware is first launched on the device and will make itself invisible to the end-user by hiding its icon from the app drawer.
  • Next, it asks the victim for Accessibility Service privileges.
  • As soon as the user grants permission for the requested Accessibility Service privilege, BlackRock starts by giving itself additional permissions which are required for the bot to fully function without having to interact any further with the victim.
  • When it's done, the bot is functional and ready to receive commands from the C2 [command-and-control] server and perform the overlay attacks.
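
For defenders, the steps above suggest a device check: list the apps that hold an enabled Accessibility Service but were not installed by the Play Store. The following is an added example, not code from ThreatFabric or from this article; it parses text captured from `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`, and the sample strings, package names and trusted-installer set are constructed assumptions.

```python
# Constructed sample data; real input comes from the two adb commands
# named in the lead-in. Package names below are made up.
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.googleupdate/.Svc"
)
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.googleupdate  installer=null
package:com.example.notes  installer=null
"""
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only

def parse_accessibility(setting):
    """Packages owning an enabled accessibility service ('pkg/cls:pkg/cls')."""
    setting = setting.strip()
    if not setting or setting == "null":  # unset setting prints 'null'
        return set()
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}

def parse_installers(listing):
    """Map package -> installer package name (None when sideloaded/unknown)."""
    installers = {}
    for line in listing.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        installers[fields[0][len("package:"):]] = installer
    return installers

def flag_suspects(setting, listing, trusted=TRUSTED_INSTALLERS):
    """Accessibility-enabled packages whose installer is not trusted."""
    installers = parse_installers(listing)
    return [
        (pkg, installers.get(pkg) or "unknown")
        for pkg in sorted(parse_accessibility(setting))
        if installers.get(pkg) not in trusted
    ]

if __name__ == "__main__":
    for pkg, source in flag_suspects(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print(f"REVIEW {pkg}: accessibility enabled, installer={source}")
```

Preinstalled accessibility services may also report no installer, so the output is a review list rather than a verdict.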

What functions can BlackRock perform?

BlackRock is capable of keylogging, granting permissions, SMS harvesting and forwarding, screen-locking, device data collection, notification collection, AV detection, and can both hide its app icon and prevent its removal.

BlackRock targets social and financial apps for phishing. However, it also expands into phishing data from dating, news, shopping, lifestyle, and productivity apps. The full list of targeted apps is included in the BlackRock.

[Image: Android. Credit: ThreatFabric]

The Trojan is not active on the Google Play Store; it hides in Google update packages offered via third-party websites.

"We can't yet predict how long BlackRock will be active on the threat landscape," reported ThreatFabric. "The most important aspect to take care of is securing the online banking channels, making fraud hard to perform, therefore discouraging criminals to make more malware."
