According to the latest reports, new malware has emerged from the dark web that poses a wide range of cyber security threats, including stealing passwords and other sensitive data from as many as 337 Android applications. Researchers have named the Android malware BlackRock, which was previously discovered in May 2020. The malware is said to be a new variant of the existing LokiBot trojan, and it attacks not only banking and financial Android apps but also a list of popular apps on Android devices.
Some of the most commonly used and popular targeted apps include TikTok, Tinder, Twitter, Reddit, Instagram, Facebook, Amazon, VK, eBay, PlayStation, Tumblr, Skype, Netflix and Snapchat, to name a few. The researchers who initially discovered BlackRock believe it was developed from the leaked source code of Xerxes, which is itself a variant of LokiBot, and supplemented with additional capabilities geared toward the theft of credit card details and user passwords.
BlackRock works like any other Android banking trojan, except that it targets more apps than most of its forerunners. The malware targets not only banking apps but also various cryptocurrency apps across different countries, including the US, Canada, France, UK, Japan, Malaysia and Australia.
The malware is not limited to stealing credentials: it is equipped to perform overlay attacks, send spam, steal SMS messages, lock the victim in the affected device's screen and steal notifications. Researchers have also found that the trojan will prompt victims to enter their debit/credit card details if the targeted app supports financial transactions.
What is unique about the BlackRock Android malware is the non-financial apps it targets: the malware seems to lift data from a curated list of gaming, dating, common chat, shopping, news, lifestyle and social media applications. This widens the reach of the malware.
Once installed on a victim's device, a malicious app carrying the BlackRock malware asks the victim to grant it access to the phone's accessibility feature. The accessibility feature is one of the most powerful features in Android, as it can be used to perform taps on behalf of users and automate certain tasks. BlackRock then uses the accessibility feature to grant itself other Android permissions and uses an Android Device Policy Controller (DPC) to give itself admin access.
Once the trojan has this access, it can perform intrusive operations, including flooding SMS, logging key taps, intercepting SMS texts, displaying custom push notifications, sabotaging antivirus apps on the phone, starting particular apps and sending spam texts with tailor-made SMS messages.
As of now, the malware is spread as fake Google update packages available on third-party websites; the BlackRock trojan has yet to be spotted on the official Google Play Store.
The best way to avoid becoming a BlackRock victim is to secure online banking channels and to install updates from official platforms only.
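Because BlackRock depends on the accessibility feature and arrives as a sideloaded package, a device audit can cross-check which apps hold an enabled accessibility service against where each app was installed from. The following is an added example, not code from the researchers or from this article; it assumes the text output of the adb commands "settings get secure enabled_accessibility_services" and "pm list packages -i", and the package names and sample data are constructed.

```python
import re

# Installer packages treated as official sources (assumption: Google Play only).
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_accessibility(setting):
    """Package names from `settings get secure enabled_accessibility_services`.
    The value is a colon-separated list of package/ServiceClass components."""
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i` output lines."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def flag_sideloaded_accessibility(setting, pm_output):
    """Return (package, installer) for every app that has an enabled
    accessibility service but was not installed by a trusted store."""
    installers = parse_installers(pm_output)
    findings = []
    for pkg in sorted(parse_accessibility(setting)):
        source = installers.get(pkg, "unknown")
        if source not in TRUSTED_INSTALLERS:
            findings.append((pkg, source))
    return findings

# Constructed sample data (hypothetical package names, not real indicators).
SAMPLE_A11Y = ("com.example.screenreader/com.example.screenreader.ReaderService:"
               "com.example.fakeupdate/.UpdateService")
SAMPLE_PM = """\
package:com.example.screenreader  installer=com.android.vending
package:com.example.fakeupdate  installer=null
package:com.example.notes  installer=null
"""

if __name__ == "__main__":
    for pkg, source in flag_sideloaded_accessibility(SAMPLE_A11Y, SAMPLE_PM):
        print(f"REVIEW: {pkg} has an accessibility service, installer={source}")
```

Preloaded system apps also report no installer, so findings are a list to review rather than a verdict.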