A new Android Malware "BlackRock" targeted 337 Apps to steal your credentials and card details

Photo: Sebastian Bednarek

From: Unsplash

A new Malware named as BlackRock is doing rounds in the Android system and has currently targeted 337 apps to steal users' personal information and bank card details, this malware was started in May of this year and have been found by a mobile security firm ThreatFabric recently, reported by ZDNet.

As per the researchers, BlackRock is developed from the leaked source code of a previous malware Xerxes and was enhanced with the capabilities of data theft, it can steal your passwords and credit card details without you even releasing it, it will also prompt users to enter payment details if the targeted app support financial transactions.

Threat Fabric reports that BlackRock uses a technique called overlays which will detect a user trying to enter an app and will show a fake overlay window that prompts users to enter login details before letting the user into the app, the credential entered in the fake window will be stolen.

Image: ThreatFabric

BlackRock mainly targets financial and social apps, but the targeted 337 apps also include, dating, news, shopping, lifestyle, and productivity apps, these apps mainly contains user's personal information and in some cases financial information too.

Once this trojan, BlackRock attacked an app, the app will ask you to give permission to the accessibility feature of your phone, accessibility is a powerful feature, an app can perform several tasks with this permission and should be granted only to a trusted app.

Once BlackRock gets access to the Accessibility feature it will use it to get other permissions by itself, after that, it uses an  Android DPC (device policy controller, aka a work profile) to get admin access to the device, with this it can show overlays in the targeted apps.

Credential phishing overlays Image: ThreatFabric

Besides this, BlackRock can "Intercept SMS messages, Perform SMS floods, Spam contacts with predefined SMS, Start specific apps, Log key taps (keylogger functionality), Show custom push notifications, Sabotage mobile antivirus apps, and more."

BlackRock has been circulating as a fake Google update package offered on third-party sites and hasn't been appeared on Google Play Store yet, so, if you only update your apps on PlayStore and install apps only from PlayStore, you didn't get much to worry about but being cautious in giving permission to apps in always important.

If you want to know what are the 337 apps that were targeted by BlackRock, see the full report here.

Also Read: A "wormable" flaw found in the Windows DNS server, Microsoft urges admins to install the patch ASAP.