
BlackRock Android malware

Date: 20 July 2020 Tags: IT, Mobile & Computers

Issue

Security firm ThreatFabric has warned of a new malware strain, called BlackRock, which can steal information such as passwords and credit card details from smartphone applications, including Amazon, Facebook, Gmail and Tinder.

 

Background

BlackRock isn’t new malware. In fact, it is based on the leaked source code of the Xerxes malware, itself derived from a malware called LokiBot. The only big difference between BlackRock and other Android banking trojans is that it can target more apps than previous malware.

 

Details

  • BlackRock works like most Android malware. Once installed on a phone, it monitors the targeted app. When the user enters the login and/or credit card details, the malware sends the information to a server.

  • BlackRock uses the phone’s Accessibility feature and then uses an Android DPC (device policy controller) to provide access to other permissions.

  • When the malware is first launched on the device, it hides its icon from the app drawer, making it invisible to the end-user. It then asks for accessibility service privileges.

  • Once this privilege is granted, BlackRock grants itself additional permissions required to fully function without having to interact any further with the victim.

  • BlackRock isn’t limited to online banking apps and targets general-purpose apps across various categories of Books & Reference, Business, Communication, Dating, Entertainment, Lifestyle, Music & Audio, News & Magazine, Tools, and Video Players & Editors.

  • ThreatFabric says the malware can be used to send and steal SMS messages, hide notifications, log keystrokes, detect antivirus apps, and much more.

  • The new malware is so powerful that it makes antivirus applications useless. The trojan redirects the victim to the HOME screen of the device if the victim tries to start or use antivirus software from a specific list that includes Avast, AVG, Bitdefender, ESET, Symantec, Trend Micro, Kaspersky, McAfee, Avira etc.

  • Right now, the trojan has not yet been spotted on the Google Play Store and is distributed as a fake Google Update on third-party stores.

  • The best way to stay protected is to download apps only from the Google Play Store, use strong passwords, beware of spam and phishing emails, use an antivirus app if possible, and check app permissions.