A new malware called BlackRock can steel information like passwords and credit card information from about 377 smartphone apps. Some of the apps include Amazon, Facebook, Gmail or Tinder. The malware is limited to Android and since these are some of the most popular apps, the threat posed is quite high.
It is said that BlockRock isn’t a new malware. It is actually based on the source code of the Xeres malware (which was initially derived form LokiBot). This malware however targets more apps on an Android phone than the previous ones.
How does it work?
Just like other malware on the phone, once installed, it monitors the targeted app and when the user enters a user ID or Credit Card details, it sends this information back to the server. BlackRock is said to use the phone’s Accessibility feature and Android Device Policy Controller if it requires other permissions. When the app is installed, its icon is hidden so that the end user cannot see it. It then asks for accessibility permissions. Once these permissions are granted, it can grant itself all the other permissions that it requires. Once all the permissions are acquired, the app no longer needs user intervention – so it works in the background to execute overlay attacks.
Remember that, BlackRock is not limited to the online banking apps. It targets all kinds of apps like: Books & Reference, Business, Communication, Dating, Entertainment, Lifestyle, Music & Audio, News & Magazine, Tools, and Video Players & Editors.
ThreatFabric says the malware can be used to send and steal SMS messages, hide notifications, keylogging, AV detection, and much more.
Will Antivirus help?
BlackRock is powerful. It makes even the most powerful antivirus fail to detect or clean it. It redirects the victim to the home screen if any of the known antivirus software are used as per a specific list: Avast, AVG, Bitdefender, ESET, Symantec, Trend Micro, Kaspersky, McAfee, Avira, and even applications to clean Android devices, such as TotalCommander, SD Maid or Superb Cleaner. (As per ThreatFabric blog)
So, how do we protect our phones?
The Trojan is as of now distributed as a fake Google Update on third party stores – so be sure to download apps only from Google’s Play Store. Another thing to remember is to beware of phishing emails and use a strong antivirus. Also, check your app permissions and do not grant permissions without understanding what apps you are downloading and why!
Image Credit: https://www.digit.in/