Heads up, Android users! Another Android trojan that steals your data is active in the wild. Named BlackRock, this Android malware targets several applications to steal information.
BlackRock Android Malware
Researchers from ThreatFabric have found a new Android malware in the wild, which they call BlackRock. Sharing the details in a blog post, the researchers revealed that the malware possesses robust data-stealing capabilities. Besides login credentials, it can steal other sensitive details such as credit card data. Moreover, it aims to steal a huge amount of information, as it targets 337 unique Android applications.
These apps belong to various categories, including banking apps, social media apps, and more. This breadth is not common among other existing banking Trojans. In brief, when the malware reaches the device, it first hides its icon to stay invisible. Then, it poses as another service, such as a fake Google update, and asks the user for permission to access the Accessibility Service. Once that is granted, the malware automatically gains other permissions to access other apps. From then on, the malware can perform any action on the device without user interaction.
Some of these actions include sending SMS messages, SMS spamming, changing the SMS manager, keylogging, running apps, copying push notifications to the C&C, dismissing push notifications, and requesting admin privileges. Moreover, to steal precise information, it also performs overlay attacks, that is, it tricks the victim into entering login credentials or other data in fake app screens impersonating any of the target apps. To gain admin privileges, it abuses Android work profiles.
Malware Seems A Variant Of LokiBot
Investigating the malware in detail led the researchers to establish its link with LokiBot. In particular, BlackRock does not directly imitate LokiBot; rather, it more closely resembles the Xerxes Trojan, a LokiBot variant. BlackRock emerged online in May 2020 and has since been active in different regions, behaving differently. As observed, the malware predominantly targeted European victims with overlay attacks aimed at banking apps, followed by Australia, the US, and Canada. Nonetheless, the attacks also targeted other apps, including a German car-selling service and Polish online stores and email services.
For now, the malware hasn’t appeared on the Google Play Store. However, nobody knows when the threat actors might make their way onto the Play Store to target more users. Thus, users should remain very careful when interacting with any apps or websites offering Android applications.
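As an added example (not code from ThreatFabric or from the original article), the following triage script flags packages that combine the three signals described above: an enabled accessibility service, no launcher icon, and an install source other than Google Play. It assumes the analyst has captured the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`, and has separately collected the set of packages with a launcher icon; all package names and sample inputs are constructed.

```python
# Added triage example. All package names and sample inputs are constructed.

# Value of: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.gupdate/com.example.gupdate.A11ySvc"
)
# Output of: adb shell pm list packages -i
SAMPLE_PM = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.gupdate  installer=null
package:com.example.bank  installer=com.android.vending
"""
# Assumption: the analyst has collected which packages expose a launcher icon.
SAMPLE_LAUNCHER = {"com.example.bank"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play


def a11y_packages(setting_value):
    """Package names from the colon-separated 'package/class' list."""
    return {c.split("/", 1)[0] for c in setting_value.strip().split(":") if "/" in c}


def installers(pm_output):
    """Map package -> installer package (None when no installer is recorded)."""
    result = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        source = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                source = field.split("=", 1)[1]
        result[fields[0][len("package:"):]] = source
    return result


def triage(setting_value, pm_output, launcher_pkgs, trusted=TRUSTED_INSTALLERS):
    """Flag accessibility-enabled packages that are hidden and not store-installed."""
    source = installers(pm_output)
    flagged = []
    for pkg in sorted(a11y_packages(setting_value)):
        hidden = pkg not in launcher_pkgs          # icon removed from the launcher
        untrusted = source.get(pkg) not in trusted  # sideloaded or unknown origin
        if hidden and untrusted:
            flagged.append(pkg)
    return flagged


if __name__ == "__main__":
    print(triage(SAMPLE_A11Y, SAMPLE_PM, SAMPLE_LAUNCHER))
```

Requiring all three signals keeps legitimate accessibility tools that have no launcher icon but come from the store out of the results.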