Apps susceptible to attack by the new trojan include Gmail, Instagram, Uber, etc.
A new Android malware called ‘BlackRock’ has emerged that can steal data from at least 337 Android apps. The malware was first tracked in May this year and was discovered by a mobile security company called ThreatFabric. The company's researchers said that BlackRock is based on the leaked source code of a malware strain called Xerxes (Xerxes is itself another malware strain). BlackRock has been upgraded with additional features, especially ones that help steal credit card information.
About: ‘BlackRock’ Android malware
BlackRock works like most other Android banking trojans, except that it can target more apps (337). It can steal login credentials and also prompt the victim to enter credit card details if the apps support online transactions. ThreatFabric says that BlackRock collects data by means of overlays: it detects when the user is trying to interact with a targeted app and shows a fake window to collect the user's login details and card data before allowing the user to actually start using the real app.
The security company shared a report in which the researchers said that the large majority of BlackRock overlays are aimed at financial, social media and communications apps. However, BlackRock also has overlays for dating, productivity and lifestyle apps. These apps include the likes of Gmail, Instagram, Uber, Twitter, etc. BlackRock uses the Accessibility feature to grant itself access to other Android permissions and uses an Android DPC to give itself admin access to the device. The malware then uses this access to show the overlays.
BlackRock can perform various intrusive operations: overlaying (dynamic), keylogging, SMS harvesting (forwarding and listing), device info collection, SMS sending, self-protection (hiding the app icon), remote action, notification collection, AV detection and granting permissions. BlackRock is currently being spread in the guise of fake Google update packages offered by third-party sites.
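For defenders, the capability mix described above (an Accessibility service, device admin, SMS and notification access, and a "Google update" package from a third-party site) can be turned into a triage rule over an app inventory. The following is an added example, not code from ThreatFabric or the article; the inventory schema, the package names and the threshold are assumptions, and only the Android permission strings and the Play installer name are real identifiers.

```python
# Added example: heuristic triage, not a signature for any specific sample.
PLAY_INSTALLER = "com.android.vending"  # installer package name of Google Play
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.SEND_SMS"}
# Bind permission declared on a manifest component -> behaviour named in the article.
BIND_SIGNALS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility-service",
    "android.permission.BIND_DEVICE_ADMIN": "device-admin",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification-listener",
}

def signals(app):
    """Return the risk signals present in one inventory record (hypothetical schema)."""
    found = [name for perm, name in BIND_SIGNALS.items()
             if perm in app.get("component_bind_permissions", [])]
    if SMS_PERMS & set(app.get("permissions", [])):
        found.append("sms-access")
    if app.get("installer") != PLAY_INSTALLER:
        found.append("sideloaded")
        label = app.get("label", "").lower()
        if "google" in label and "update" in label:
            found.append("google-update-label")
    return found

def triage(inventory, threshold=4):
    """Flag apps that hold an accessibility service plus enough other signals."""
    flagged = {}
    for app in inventory:
        found = signals(app)
        if "accessibility-service" in found and len(found) >= threshold:
            flagged[app["package"]] = found
    return flagged

# Constructed sample inventory; package names and labels are made up.
INVENTORY = [
    {"package": "com.example.updater", "label": "Google Update", "installer": None,
     "permissions": ["android.permission.READ_SMS", "android.permission.SEND_SMS"],
     "component_bind_permissions": list(BIND_SIGNALS)},
    {"package": "com.example.screenreader", "label": "Screen Reader",
     "installer": PLAY_INSTALLER, "permissions": [],
     "component_bind_permissions": ["android.permission.BIND_ACCESSIBILITY_SERVICE"]},
    {"package": "com.example.sms", "label": "Messages", "installer": None,
     "permissions": ["android.permission.RECEIVE_SMS"], "component_bind_permissions": []},
]

if __name__ == "__main__":
    for package, found in triage(INVENTORY).items():
        print(package, ", ".join(found))
```

A legitimate accessibility tool from the Play Store raises only one signal and stays below the threshold, so the rule surfaces the combination rather than any single permission.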