New Android Malware BlackRock Targets Massive List of Common Android Apps | Cyware Alerts


When a banking trojan variant expands its playing field to non-financial apps, things may get pretty frightening. Something similar happened with this new malware, which expanded its scope beyond that of its predecessor, the banking trojan LokiBot, to target major non-financial apps, including chat, dating, gaming, and social media apps.

Introducing BlackRock, the trickster trojan

Recently, ThreatFabric researchers released a report on their findings about the Android banking trojan BlackRock. First identified in May 2020, BlackRock can steal credentials and credit card information from a list of 337 financial, networking, communication, dating, and social apps.
  • BlackRock poses as a fake Google Update to request ‘accessibility service’ privileges and hide its icon after infecting a device.
  • Once the privileges are obtained, BlackRock grants itself additional permissions, so it can fully function without requiring any further user interaction.
  • Its features include the ability to perform overlay attacks, act as a keylogger, spam and steal SMS messages, push system notifications to the C2 server, and deflect usage of antivirus or system cleaning software.

A long list of targeted apps

BlackRock campaigns have been going on for a longer period, and the malware now comes with an extended credential theft target list.

BlackRock’s list of 226 apps targeted for credential theft includes Gmail, Microsoft Outlook, Google Play, Uber, Amazon, eBay, Netflix, and Cash App, multiple cryptocurrency wallet apps such as Coinbase and Binance, and banks like Santander, Barclays, Royal Bank of Scotland, Lloyds, ING, and Wells Fargo, among many more.

The credit card theft target list contains 111 applications, including Twitter, Skype, Snapchat, Telegram, WhatsApp, Instagram, Facebook, Play Store, YouTube, VK, Reddit, TikTok, Mamba, Tinder, Badoo, and Grindr, among others.

Origin of the malware

The malware has been derived from the code of the Xerxes banking malware (released in May 2019), which itself is a strain of the LokiBot Android banking trojan. BlackRock is the only known Android banking trojan based on the leaked source code of the Xerxes trojan at the moment.


