Security firm ThreatFabric has warned about the latest BlackRock malware, which can steal information, including passwords and credit card details, from about 377 mobile apps, among them Amazon, Twitter, Gmail, and Tinder. Because these are so widely used, the threat from the BlackRock Android malware is very high.
What is BlackRock Android Malware?
BlackRock is not new malware. It is based on the leaked source code of the Xerxes malware, which is itself derived from the LokiBot malware. The only major distinction between BlackRock and other Trojans is that it targets more applications than previous malware.
How Does BlackRock Android Malware Work?
BlackRock behaves like most malware on devices. Once it is on a smartphone, the targeted device is tracked. When the user enters a username or credit card data, the malware sends that information to a server. BlackRock uses the phone's accessibility features to gain access to other permissions through an Android DPC (Device Policy Controller).
When the malware app is installed, it hides its icon from the app drawer, so it is invisible to the user. It also requests accessibility service privileges. If these are granted, BlackRock grants itself additional permissions so that it can operate fully without further user interaction. At this stage, the bot is ready to receive commands from the command and control server and to perform overlay attacks.
BlackRock is not limited to online banking applications; it also targets general-purpose applications in many categories, including Books & Reference, Business, and Communication.
The researchers noted that BlackRock steals account details from 226 applications, including PayPal, Gmail, Google Pay, Uber, Yahoo Mail, eBay and Netflix. From 111 additional applications, such as Facebook Messenger, Google Hangouts, Instagram, PlayStation, Reddit, Skype, TikTok, Twitter, WhatsApp and YouTube, the malware steals credit card numbers.
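The two behaviours described above (an app with no icon in the app drawer that nonetheless holds an enabled accessibility service) can be combined into a simple triage check. This is an added example, not code from ThreatFabric or the original article; it assumes the device's `enabled_accessibility_services` secure setting and the lists of launcher-visible and user-installed packages have already been collected by your device-management tooling, and every package name in it is constructed.

```python
# Added example: triage heuristic for "hidden icon + accessibility service".
# All package names and sample values below are constructed for illustration.

def parse_accessibility_setting(raw):
    """Parse the colon-separated value of Android's secure setting
    `enabled_accessibility_services` into {package: [service classes]}."""
    services = {}
    raw = (raw or "").strip()
    if raw in ("", "null"):          # the setting reads "null" when unset
        return services
    for component in raw.split(":"):
        component = component.strip()
        if "/" not in component:
            continue                 # malformed entry, skip it
        package, cls = component.split("/", 1)
        if cls.startswith("."):      # short form: class relative to package
            cls = package + cls
        services.setdefault(package, []).append(cls)
    return services

def flag_hidden_accessibility_apps(raw_setting, launcher_packages,
                                   third_party_packages, allowlist=()):
    """Return user-installed packages that hold an enabled accessibility
    service but expose no launcher icon. A finding is a lead to review,
    not proof of infection."""
    findings = []
    services = parse_accessibility_setting(raw_setting)
    for package in sorted(services):
        if package not in third_party_packages or package in allowlist:
            continue                 # system or explicitly approved app
        if package in launcher_packages:
            continue                 # visible in the app drawer
        findings.append({"package": package, "services": services[package]})
    return findings

# Constructed sample inventory for one device.
SAMPLE_SETTING = ("com.example.screenreader/.ReaderService:"
                  "com.example.updater.fake/com.example.updater.fake.SyncService")
SAMPLE_LAUNCHER = {"com.example.screenreader", "com.example.notes"}
SAMPLE_THIRD_PARTY = {"com.example.screenreader", "com.example.notes",
                      "com.example.updater.fake"}

if __name__ == "__main__":
    for hit in flag_hidden_accessibility_apps(
            SAMPLE_SETTING, SAMPLE_LAUNCHER, SAMPLE_THIRD_PARTY):
        print("review:", hit["package"], hit["services"])
```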