ThreatFabric, an Amsterdam, Netherlands-based mobile security company, has recently revealed that a new “strain” of malware called “BlackRock” has emerged to threaten Android OS users. The malware is loaded with additional code that enables it to make its way into Android phones via apps and steal personal information including bank card details and passwords.
Taking to Twitter, ThreatFabric noted that BlackRock is a banking Trojan. In its report, the mobile security firm also highlighted that the malware could latch itself onto approximately 337 apps, including Gmail and Uber, which are widely available on PlayStore.
“The #Trojan is based on the infamous LokiBot that includes overlays for widely used dating, social, communication, crypto and financial apps,” ThreatFabric noted.
Here are the categories of other apps that the malware could align with to mine the personal information of Android users.
New Android #Trojan called #BlackRock will steal both login credentials (username and passwords), where available, but also prompt the victim to enter payment card details if the apps support financial transactions. @ThreatFabric @SputnikInt pic.twitter.com/71IYvCdNR9 — Radhika Parashar (@_RadhikaReports) July 17, 2020
According to ThreatFabric, which first spotted the malware in May, BlackRock’s data collection happens through a method called “overlays”. The process involves detecting when a user is attempting to interact with an app and displaying a fake window on top of the screen. That fake window gathers the login details and other information before letting the user proceed to the real app.
Once installed on a device via any of the 337 apps, BlackRock uses an infected app to seek “Accessibility” permissions of the device to get started.
The Trojan is being distributed disguised as fake update packages offered by third-party sites. It has not yet been found in the PlayStore.
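The two traits described above (a request for “Accessibility” access and installation from outside the PlayStore) can be checked together on a device. The following is an added example, not code from ThreatFabric's report: it assumes the text output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`, and the sample data and the package name `com.example.fakeupdate` are constructed.

```python
import re

PLAY_STORE = "com.android.vending"  # installer name recorded for Play Store installs

def enabled_service_packages(settings_output):
    """Packages owning services listed in
    `adb shell settings get secure enabled_accessibility_services`
    (colon-separated 'package/ServiceClass' entries, or 'null' if none)."""
    text = settings_output.strip()
    if not text or text == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in text.split(":") if entry}

def installers(pm_output):
    """Map package -> installer from `adb shell pm list packages -i`."""
    found = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            found[m.group(1)] = m.group(2)
    return found

def sideloaded_accessibility(settings_output, pm_output, system_packages=()):
    """Packages holding an enabled accessibility service that were not
    installed by the Play Store and are not preinstalled system packages."""
    source = installers(pm_output)
    return sorted(
        pkg for pkg in enabled_service_packages(settings_output)
        if pkg not in system_packages and source.get(pkg, "null") != PLAY_STORE
    )

# Constructed sample output; the second package name is made up.
SETTINGS = ("com.google.android.marvin.talkback/"
            "com.google.android.marvin.talkback.TalkBackService:"
            "com.example.fakeupdate/com.example.fakeupdate.HelperService")
PM_LIST = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.fakeupdate  installer=null
package:com.android.chrome  installer=com.android.vending"""

if __name__ == "__main__":
    for pkg in sideloaded_accessibility(SETTINGS, PM_LIST):
        print("review:", pkg)
```

Preinstalled packages also report `installer=null`, so pass the names from `adb shell pm list packages -s` as `system_packages` to keep them out of the result.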
According to US-based market research firm International Data Corporation, 90 percent of India’s smartphones operate on Android OS, which also exposes Indian users to the risks of the BlackRock Trojan.