BlackRock malware detects when a user interacts with a legitimate application and places a fake window on top of it, asking for login and credit card information before the user enters the real application.

Android malware has often found a way to bypass Google's app review process; one known example is the Joker malware. A new Android malware has now been discovered that steals data such as passwords and credit card details from 337 apps, including some of the most popular ones, like Gmail, Amazon, Netflix, Uber and more.

The malware, known as BlackRock, comes with data theft capabilities, according to a ZDNet report. The publication was the first to report on the malware, which was discovered by mobile security company ThreatFabric.

How does BlackRock steal user details?

BlackRock malware works like any other Android malware. According to ThreatFabric researchers, BlackRock is based on the leaked source code of another malware strain, Xerxes, which in turn is based on other malware strains. The new malware has been enhanced with more features related to stealing passwords and credit card details.

The report suggests that the malware steals login credentials (including usernames and passwords) and sends a notification prompting users to enter their payment credit card details.

The Trojan collects data through a technique called "overlays." Basically, it detects when a user interacts with a legitimate app and places a fake window on top that asks for login and credit card information before the user enters the actual app.

Once the application is installed on a smartphone, the Trojan first asks the user to grant it access to the phone's Accessibility feature. It then uses the Accessibility feature to grant itself access to other Android permissions, and then uses an Android DPC (device policy controller) to obtain administrator access. The malware then uses this access to display overlays that collect users' credentials and credit card details.

However, ThreatFabric researchers say BlackRock malware can also perform other intrusive operations. The list is as follows:

– Intercept SMS messages
– Perform SMS floods
– Spam contacts with predefined SMS
– Start specific apps
– Log key taps (keylogger functionality)
– Show custom push notifications
– Sabotage mobile antivirus apps, and more

The report indicates that BlackRock is distributed as bogus Google update packages offered on third-party websites and has yet to be seen on the Google Play Store.
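A triage check for the pattern described above (an app installed from outside the Play Store that holds Accessibility and device admin access), added here as an example and not taken from ThreatFabric or ZDNet. It assumes the analyst has collected the output of `pm list packages -i -3` and `settings get secure enabled_accessibility_services` from the device, plus a colon-separated list of active device admin components; all package names and sample data are constructed.

```python
PLAY_STORE = "com.android.vending"

def parse_installers(pm_output):
    """Parse `pm list packages -i -3` lines: 'package:<name>  installer=<source>'."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        parts = line[len("package:"):].split()
        if not parts:
            continue
        src = None
        for field in parts[1:]:
            if field.startswith("installer="):
                src = field[len("installer="):]
        # Sideloaded APKs typically report installer=null
        installers[parts[0]] = None if src in (None, "null") else src
    return installers

def packages_of(components):
    """Colon-separated 'package/class' components -> set of package names."""
    return {c.split("/", 1)[0] for c in components.strip().split(":") if c and c != "null"}

def triage(pm_output, accessibility_setting, device_admins):
    """Flag non-Play-Store apps holding Accessibility and/or device admin."""
    a11y = packages_of(accessibility_setting)
    admins = packages_of(device_admins)  # assumed format, normalized by the analyst
    findings = []
    for pkg, src in sorted(parse_installers(pm_output).items()):
        if src == PLAY_STORE:
            continue
        reasons = []
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        if pkg in admins:
            reasons.append("device admin active")
        if reasons:
            findings.append((pkg, src or "unknown", reasons))
    return findings

# Constructed sample data (not from a real device)
SAMPLE_PM = """package:com.example.notes  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.reader  installer=com.example.store
"""
SAMPLE_A11Y = "com.example.updater/.Svc:com.example.notes/.ReadAloud"
SAMPLE_ADMINS = "com.example.updater/.AdminReceiver"

if __name__ == "__main__":
    for finding in triage(SAMPLE_PM, SAMPLE_A11Y, SAMPLE_ADMINS):
        print(finding)
```

A hit is a lead for review, not a verdict: legitimate sideloaded accessibility tools and enterprise agents match the same pattern.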

An article By Munna Suprathik