New Android malware BlackRock and the damage it can cause: 5 things to know
This new Android malware called BlackRock can steal credit card data and passwords from almost 337 apps including Uber, Gmail and Snapchat.
We have told you about BlackRock, the new Android malware that can steal data from at least 337 Android apps. This malware was spotted for the first time in May this year, and its list of potential targets includes popular apps like Snapchat, Gmail, Uber, etc.
The malware was discovered by mobile security company ThreatFabric. Here are 5 important things you need to know about it:
1. The BlackRock malware is based on the leaked source code of another malware strain called Xerxes. Unlike Xerxes, however, BlackRock has been upgraded with features that can steal credit card credentials and passwords.
2. It can target more Android apps than all its predecessors: 337 so far. These include popular apps like Gmail, Uber, Twitter, Snapchat, Instagram, etc., along with dating, shopping, lifestyle, news and productivity apps. The full list of the apps that BlackRock can target can be seen here.
3. BlackRock uses a method called ‘overlays’ to trick users into filling in their log-in details and card details to start using a legitimate app. These overlays are fake windows that pop up when a user is trying to log into an app.
4. Most of BlackRock’s overlays are concentrated on phishing social media, communication and financial apps. Once installed on the device, BlackRock gets the affected apps to ask the user to grant access to the phone’s Accessibility features. On Android, Accessibility features are very powerful, as they can be used to automate and perform tasks on behalf of the user.
5. BlackRock uses this Accessibility access to grant itself other Android permissions, and uses the Android DPC (device policy controller) to get admin access and create overlays. The malware can log keystrokes, harvest SMS messages, send SMS messages, collect device information, lock screens remotely, hide app icons, etc.
This malware is currently being distributed in the guise of fake Google update packages offered by third-party sites, but going by how Android malware works, it should reach the Google Play Store soon.
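
The combination described in points 4 and 5 and in the distribution note above, an app installed from outside the Play Store that holds an enabled Accessibility service, can be checked on a device over adb. The Python script below is an added example, not code from ThreatFabric or from this article; it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i -3`, and the sample output, package names and trusted-installer list are constructed assumptions.

```python
import re

# Installer package names treated as trusted stores (assumption; adjust per fleet).
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_accessibility(settings_output):
    """Packages with an enabled accessibility service.

    Input: output of `adb shell settings get secure enabled_accessibility_services`,
    a colon-separated list of package/ServiceClass components, or "null".
    """
    text = settings_output.strip()
    if not text or text == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in text.split(":") if comp}

def parse_installers(pm_output):
    """Map package -> installer from `adb shell pm list packages -i -3`."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def flag_suspects(settings_output, pm_output):
    """Third-party apps with an enabled accessibility service and no trusted installer."""
    enabled = parse_accessibility(settings_output)
    installers = parse_installers(pm_output)
    return sorted(
        pkg for pkg, inst in installers.items()
        if pkg in enabled and inst not in TRUSTED_INSTALLERS
    )

# Constructed sample output; the package names are made up for illustration.
SAMPLE_SETTINGS = (
    "com.example.screenreader/.ReaderService:"
    "com.example.gupdate/com.example.gupdate.AccService"
)
SAMPLE_PM = """\
package:com.example.screenreader  installer=com.android.vending
package:com.example.gupdate  installer=null
package:com.example.game  installer=com.google.android.packageinstaller
"""

if __name__ == "__main__":
    for pkg in flag_suspects(SAMPLE_SETTINGS, SAMPLE_PM):
        print("review:", pkg)
```

A flagged package is a candidate for manual review, not a verdict: legitimate sideloaded accessibility tools will also appear.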