BlackRock malware steals password, credit card details from 337 Android apps

BlackRock Android malware steals crucial data from 337 apps including Gmail, Netflix, Amazon (Image: ThreatFabric)

Android malware has often found its ways to bypass Google’s app review process. One of the well-known examples is Joker malware. A new Android malware has been discovered that steals data such as password and credit card details from 337 apps including some of the popular ones like Gmail, Amazon, Netflix, Uber, and more.

The malware that goes by the name BlackRock comes with data theft capabilities, a report from ZDNet stated. The publication was the first to report about malware and discovered by mobile security firm ThreatFabric.

How does BlackRock steal user details?

BlackRock malware functions just like any other Android malware. According to researchers at ThreatFabric, the BlackRock malware is based on the leaked source code of another malware strain Xerxes which in turn is based on other malware strains. The new malware is enhanced with more features related to stealing passwords and credit card details.

The report suggests that the malware steals login credentials including username and passwords) and sends prompt to users to enter payment credit card details.

The trojan collects data through a technique called “overlays”. It basically detects when a user interacts with a legitimate app and places a fake window on top that asks for login and credit card details before the user enters the actual app.

ALSO READ | What is Joker malware that affected apps on Google Play store?

ThreatFabric researchers say BlackRock overlays happen towards phishing financial, social media, communications, dating, news, shopping, lifestyle, and productivity apps.

Know the apps the malware targets here

Once the app is installed on a smartphone, the trojan first asks the user to grant access to the phone’s Accessibility feature. It then users the Accessibility feature to grant itself access to other Android permissions. Then uses an Android DPC for access to admin. The malware then uses this access to display overlays to collect user credentials and credit card details.

Researchers at ThreatFabric, however, say the BlackRock malware can also perform other intrusive operations. The list is as follows:

–Intercept SMS messages
–Perform SMS floods
–Spam contacts with predefined SMS
–Start specific apps
–Log key taps (keylogger functionality)
–Show custom push notifications
–Sabotage mobile antivirus apps, and more

The report states that BlackRock is distributed as fake Google update packages offered on third-party websites and has not been spotted on Google Play Store yet.

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest Technology News, download Indian Express App.

© IE Online Media Services Pvt Ltd