BlackRock Android malware has been spotted online and can reportedly steal personal user data from over 337 popular Android apps such as Gmail, Netflix, Amazon, Instagram and more. BlackRock is a new type of banking malware that steals personal information but is different from other such malware as it targets social networking, shopping and dating apps as well as essential apps such as Gmail and Outlook.
BlackRock was discovered in May 2020 by ThreatFabric analysts, who found that the new malware is based on the Xerxes banking malware, which itself comes from the LokiBot family of banking trojans. In its report, ThreatFabric states that the source code of Xerxes was made public back in May 2019, so the malware was essentially accessible to anyone who could tweak its features and release it. BlackRock has undergone changes and has an expanded target list that includes many popular non-financial apps. Usually, banking malware targets only financial apps.
BlackRock banking malware disguises itself as fake Google Update notifications that pop up on the user's phone. The malware makes its icon disappear from the app drawer and asks for Accessibility permissions. Once the user grants these privileges, Google Update pop-up messages start to appear while the bot grants itself the rest of the administrator permissions it needs to fully function.
After this, the malware can conduct overlay attacks and can steal sensitive information such as login credentials, banking details and more. There are as many as 337 apps that this malware targets and this is something that hasn’t been observed before with banking malware. It cannot be detected by any mobile anti-virus as it doesn't let the user open any security apps such as Avast, AVG, BitDefender, Eset, Symantec, TrendMicro, Kaspersky, McAfee, Avira and other such apps.
BlackRock targets Yahoo Mail, Microsoft Outlook, Gmail, Hotmail, Uber, Netflix, eBay, Amazon, Telegram, WhatsApp, Twitter, Snapchat, Skype, Instagram, Facebook Messenger, YouTube, Reddit, Pinterest, Google Pay, Tinder, banking and payments apps and more.
The BlackRock Android malware is being distributed by third-party websites and hasn’t been spotted on the Play Store yet. So, as a precaution, it's recommended not to visit untrusted websites.
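The two traits described above, an app that holds Accessibility privileges and that arrived from outside the Play Store, can be checked on a device over adb. The following triage script is an added example, not code from ThreatFabric or the original article; the package names and sample outputs are constructed, and the trusted-installer list is an assumption to adjust for your own devices.

```python
import re

# Assumption: installers treated as trusted app stores; adjust for your fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}


def parse_accessibility(raw):
    """Return packages that have an enabled accessibility service.

    Input is the output of
    `adb shell settings get secure enabled_accessibility_services`:
    colon-separated 'package/ServiceClass' entries, or 'null' when none.
    """
    raw = raw.strip()
    if not raw or raw == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in raw.split(":") if entry}


def parse_installers(raw):
    """Map package -> installer from `adb shell pm list packages -3 -i`."""
    installers = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)\s*$", raw, re.M):
        installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers


def triage(accessibility_raw, packages_raw):
    """Third-party packages that hold an accessibility service and were
    not installed by a trusted store, sorted by name for manual review."""
    enabled = parse_accessibility(accessibility_raw)
    installers = parse_installers(packages_raw)
    return sorted(pkg for pkg, inst in installers.items()
                  if pkg in enabled and inst not in TRUSTED_INSTALLERS)


# Constructed sample outputs (not taken from a real device or sample).
SAMPLE_A11Y = ("com.example.screenreader/.ReaderService:"
               "com.example.update/com.example.update.Svc")
SAMPLE_PKGS = """package:com.example.screenreader  installer=com.android.vending
package:com.example.update  installer=com.google.android.packageinstaller
package:com.example.game  installer=null
"""

if __name__ == "__main__":
    for pkg in triage(SAMPLE_A11Y, SAMPLE_PKGS):
        print("review:", pkg)
```

A flagged package is a candidate for review, not a verdict: legitimate sideloaded accessibility tools will also appear.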