
BlackRock: Watch out for this Android trojan

Last Updated 17 July 2020, 10:09 IST

The criminal web mafia has come up with a brand-new strain of Android malware that can steal data straight from personal devices. Christened BlackRock, the malware is reportedly so advanced that it is capable of targeting 337 Android apps.

BlackRock was discovered around May 2020 by an Amsterdam-based mobile security company, ThreatFabric. Upon analysis, it was found that the malware was derived from another malware strain, Xerxes, whose source code was made public around May 2019. The Xerxes banking malware is itself a strain of the LokiBot Android banking trojan.

Although it works like most other Android banking trojans, BlackRock can target more apps than its forerunners.

BlackRock also seems to have tailored its target list to abuse the growing use of online socializing during the current pandemic, as it includes a significant number of social, networking, communication and dating applications in its hit list. It has been observed that most of the existing banking trojans do not target such applications.

Equipped with more enhanced features, the trojan can steal login credentials and also prompt the victim to enter payment card details if the affected app supports financial transactions.

Once BlackRock has been installed on a device, it can detect when a user is trying to interact with a legitimate app. It then releases an “overlay” to mimic the UI of the targeted app. As the actual app screen is curtained by the overlay, the user enters login details and financial data into the BlackRock database. The malware then redirects the user back to the original app’s screen.

Other than fake overlays, BlackRock is also capable of other privacy-invading functions like keylogging, SMS interception, AV detection, notification collection, the opening of specific apps, collecting information from the affected device, and hiding its own app icon, preventing its removal.

Although BlackRock has not yet been spotted on the official Google Play Store, it is predicted to bypass Google’s app security screening, as several other malware strains have done in the past. Bad actors are creating fake app updates in third-party app stores and duping people into uploading the malware-laced firmware as a new legitimate version.

People have been advised not to download any apps or Android Package (APK) files from third-party and unfamiliar websites.
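The behaviours listed above and the sideloading advice can be combined into a simple device triage. The sketch below is an added example, not code from the article or from ThreatFabric: the inventory records and their field names are constructed, and the permission mapping reflects how Android gates these behaviours in general, not BlackRock's own manifest.

```python
# Added example. Inventory entries and field names are constructed for illustration.
PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Manifest permission -> behaviour from the article that it makes possible.
SIGNALS = {
    "android.permission.RECEIVE_SMS": "sms interception",
    "android.permission.READ_SMS": "sms interception",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification collection",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "keylogging / screen observation",
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay (draw over other apps)",
}

def findings(app):
    """Return the set of article-listed behaviours this app is able to perform."""
    found = {SIGNALS[p] for p in app["manifest_permissions"] if p in SIGNALS}
    if not app["has_launcher_icon"]:
        found.add("hidden app icon")
    return found

def triage(inventory, min_findings=2):
    """Flag apps installed from outside Google Play that combine several behaviours."""
    report = {}
    for app in inventory:
        sideloaded = app["installer"] != PLAY_STORE
        found = findings(app)
        if sideloaded and len(found) >= min_findings:
            report[app["package"]] = sorted(found)
    return report

P = "android.permission."
INVENTORY = [  # constructed sample data
    {"package": "com.example.flashupdate", "installer": None, "has_launcher_icon": False,
     "manifest_permissions": [P + "RECEIVE_SMS", P + "BIND_ACCESSIBILITY_SERVICE",
                              P + "BIND_NOTIFICATION_LISTENER_SERVICE"]},
    {"package": "com.example.messages", "installer": PLAY_STORE, "has_launcher_icon": True,
     "manifest_permissions": [P + "RECEIVE_SMS", P + "READ_SMS"]},
    {"package": "com.example.bubblechat", "installer": "com.example.thirdpartystore",
     "has_launcher_icon": True, "manifest_permissions": [P + "SYSTEM_ALERT_WINDOW"]},
    {"package": "com.example.puzzle", "installer": "com.example.thirdpartystore",
     "has_launcher_icon": True, "manifest_permissions": [P + "INTERNET"]},
]

if __name__ == "__main__":
    for package, reasons in triage(INVENTORY).items():
        print(package, "->", ", ".join(reasons))
```

A single signal is common in legitimate apps, which is why the triage only flags sideloaded packages that combine several of them.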


(Published 17 July 2020, 10:09 IST)
