Head up Android users! A new Android trojan is active in the wild that pilfers your information. Dubbed BlackRock, this Android malware targets hundreds of applications to steal data.
BlackRock Android Malware
Researchers from ThreatFabric have found a new Android malware in the wild, which they call BlackRock.
Sharing the details in a blog post, the researchers have revealed that the malware possesses robust data-stealing capabilities. It can pilfer users’ sensitive details, apart from login credentials, such as credit card data.
Moreover, it also aims at stealing a huge amount of information as it targets 337 unique Android applications. These apps belong to various categories including banking apps, social media apps, and more. This is something not common with other existing banking Trojans.
In brief, when the malware reaches the device, it first hides its icon to stay invisible. Then, it poses as other services, such as fake Google update, and asks the user permission to access the Accessibility Service.
Once received, the malware then automatically gains other permissions to access other apps. Now the malware can perform any action on the device without user interaction.
Some of these actions include sending SMS, SMS spamming, change SMS manager, keylogging, run apps, copying push notifications to the C&C, dismissing push notifications, and requesting admin privileges.
Moreover, to steal precise information, it also performs overlay attacks. That is, tricking the victim to enter login credentials or other data in fake app screens impersonating any of the target apps.
Whereas, to gain admin privileges, it abuses the Android work profiles.
Malware Seems A Variant Of LokiBot
Analyzing the malware in detail made the researchers establish its linkage with LokiBot. Specifically, BlackRock doesn’t directly mimic LokiBot, rather it resembles more to the Xerxes Trojan, a LokiBot variant.
BlackRock emerged online in May 2020 and has since been active in various regions behaving differently. As observed, the malware predominantly targeted European victims with overlay attacks targeting bank apps, followed by Australia, the US, and Canada.
Nonetheless, the attacks also targeted other apps, including German car-selling service and Polish online stores and email services.
Presently, the malware hasn’t appeared on the Google Play Store. However, no one knows when the threat actors make their entry on the Play Store to target more users. Hence, users should remain very careful while interacting with any apps or websites offering Android apps.