A new Android malware has been discovered by a team of security researchers that is found to target a list of social, communication, and dating apps. The malware, called BlackRock, is a banking Trojan — derived from the code of the existing Xerxes malware that is a known strain of the LokiBot Android trojan.
BlackRock was first spotted in the Android world in May, according to the analyst team at the Netherlands-based threat intelligence firm ThreatFabric. It is capable of stealing user credentials as well as credit card details.it targets a total of 337 apps, which is significantly higher than any of the already known malicious code. “Those ‘new' targets are mostly not related to financial institutions and are overlayed in order to steal credit card details,” the team at ThreatFabric said in a blog post.
How does malware steal user information?
BlackRock collects user information by abusing the Accessibility Service of Android [An accessibility service is an application that provides user interface enhancements to assist users with disabilities, or who may temporarily be unable to fully interact with a device. Android provides standard accessibility services, including TalkBack, and developers can create and distribute their own services] and overlaying a fake screen on top of a genuine app. One of the overlay screens used for malicious activities is a generic card grabber view that could help attackers gain credit card details of the victim. BlackRock asks users to grant access to the Accessibility Service feature after surfacing as a Google Update. Once granted, it hides its app icon from the app drawer and starts the malicious process in the background. It can also grant other permissions itself after getting the Accessibility Service access.
Extensive target app list
The list of 226 targeted apps specifically for BlackRock's credential theft includes Amazon, Google Play Services, Gmail, Microsoft Outlook, and Netflix, among others. Similarly, there are also 111 credit card theft target apps that include popular names such as Facebook, Instagram, Skype, Twitter, and WhatsApp.
“Although BlackRock poses a new Trojan with an exhaustive target list, looking at previous unsuccessful attempts of actors to revive LokiBot through new variants, we can't yet predict how long BlackRock will be active on the threat landscape,” the researchers said.
Just Give Your Feedback ConversionConversion EmoticonEmoticon