CATEGORIES
home News

BlackRock Android Malware Caught Robbing Private Data From Hundreds Of Popular Apps

by Shane McGlaunThursday, July 16, 2020, 03:27 PM EDT
blackrock malware

New Android malware has surfaced that has an extensive range of data theft capabilities. BlackRock, as the malware is known, has targeted 337 Android applications. The threat was first seen in May and was discovered by security research firm ThreatFabric. According to the research firm, BlackRock is derived from the code of Xerxes banking malware.

Xerxes itself is a strain of the LokiBot Android banking trojan. The code for Xerxes malware was made public around May 2019. The big news for BlackRock is that it has additional features compared to both of its ancestors. Its additional features are particularly focused on the theft of passwords and credit card information.

credentials targets per category

Functionally, BlackRock works just as most Android banking Trojans do, though it's able to target more apps than its predecessors. The malware can steal login credentials, including usernames and passwords, and can prompt victims to enter payment card details if the targeted apps support financial transactions.

According to ThreatFabric, BlackRock uses overlays that are geared towards phishing data from financial and social media/communications apps. There are overlays meant to phish data from other types of applications including apps for dating, news, shopping, productivity, and lifestyle. The full list of features that the malware leverages to steal user data includes:

  • Overlaying: Dynamic (Local injects obtained from C2)
  • Keylogging
  • SMS harvesting: SMS listing
  • SMS harvesting: SMS forwarding
  • Device info collection
  • SMS: Sending
  • Remote actions: Screen-locking
  • Self-protection: Hiding the App icon
  • Self-protection: Preventing removal
  • Notifications collection
  • Grant permissions
  • AV detection

One notable feature of BlackRock is that once an infected app is installed, it asks the user to grant access to the Accessibility feature allowing it to automate tasks and perform taps on the user's behalf. The Trojan is able to perform the following actions once given Accessibility access:

  • Intercept SMS messages
  • Perform SMS floods
  • Spam contacts with predefined SMS
  • Start specific apps
  • Log key taps (keylogger functionality)
  • Show custom push notifications
  • Sabotage mobile antivirus apps, and more

ThreatFabric warns that BlackRock is distributed disguised as a fake Google update package via third-party websites. As of this writing, the trojan hasn't been seen on the official Google Play Store. Earlier this month, the Joker Android malware was seen on the Google Play Store running premium billing scams.

Tags:  Android, Malware, Google, blackrock
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment