Google's app review process has repeatedly been bypassed by Android malware in different ways; Joker malware is one of the best-known examples. According to recent reports, a new Android malware has been detected that steals sensitive information, such as passwords and credit card details, from a total of 377 apps, including some of the most widely used ones such as Gmail, Netflix, Uber and Amazon.
According to a report from ZDNet, the malware is named "BlackRock" and has numerous data theft capabilities. ZDNet was the first publication to report on the malware, which was discovered by the mobile security firm ThreatFabric.
How is data stolen by BlackRock?
BlackRock functions much like any other Android banking malware. According to the researchers at ThreatFabric, BlackRock is based entirely on the leaked source code of another malware strain, Xerxes, which in turn is based on earlier malware strains. The new malware adds more features for stealing passwords and credit card details.
The report also states that the malware steals login credentials (usernames and passwords) and then prompts users to enter their credit card payment details. The trojan collects data through a technique known as an "overlay": it detects when a user interacts with a legitimate app and places a fake window on top of it that asks for login and credit card details before the user reaches the actual app.
According to ThreatFabric researchers, BlackRock's overlays target financial, social media, communications, dating, news, shopping, lifestyle and productivity apps.
Once the app is installed on a smartphone, the trojan first asks the user to grant it access to the phone's Accessibility feature. It then uses the Accessibility feature to grant itself other Android permissions, and uses an Android DPC (Device Policy Controller) to obtain admin access. The malware then uses this access to display overlays and to collect user details and credit card details.
However, researchers at ThreatFabric state that the BlackRock malware can also perform other intrusive operations, including the following:
– Intercept SMS messages
– Perform SMS floods
– Spam contacts with predefined SMS
– Start specific apps
– Log key taps (keylogger functionality)
– Show custom push notifications
– Sabotage mobile antivirus apps, and more
The reports also state that BlackRock is distributed as fake Google update packages offered on third-party websites; it has not yet been spotted on the Google Play Store.