New Android malware BlackRock could steal banking credentials
By MYBRANDBOOK
A team of security researchers has recently discovered a new Android malware, BlackRock. It is a banking Trojan derived from the code of the existing Xerxes malware, which is itself a known strain of the LokiBot Android Trojan.
However, despite being a banking Trojan, the malicious code is said to target non-financial apps. It pretends to be a Google Update at first; after receiving user permissions, it hides its icon from the app drawer and begins working on behalf of the bad actors.
BlackRock was first spotted in the Android world in May, according to the analyst team at the Netherlands-based threat intelligence firm ThreatFabric. It is capable of stealing user credentials as well as credit card details.
Although the capabilities of the BlackRock malware are similar to those of average Android banking Trojans, it targets a total of 337 apps, which is significantly more than any already known malicious code. “Those ‘new’ targets are mostly not related to financial institutions and are overlayed in order to steal credit card details,” the team at ThreatFabric said in a blog post.
The malware is said to be designed to perform overlay attacks; send, spam, and steal SMS messages; and lock the victim in the launcher activity. It can also act as a keylogger, which could help an attacker acquire financial information. Furthermore, the researchers have found that the malware is capable of deflecting usage of antivirus software such as Avast, AVG, BitDefender, Eset, Trend Micro, Kaspersky, or McAfee. According to ThreatFabric, BlackRock collects user information by abusing the Accessibility Service of Android and overlaying a fake screen on top of a genuine app. One of the overlay screens used for malicious activities is a generic card grabber view that could help attackers obtain the victim's credit card details.
The malware can also bring up a specific per-targeted-app overlay for credential phishing. BlackRock asks users to grant access to the Accessibility Service feature after surfacing as a Google Update. Once access is granted, it hides its app icon from the app drawer and starts the malicious process in the background. With Accessibility Service access it can also grant itself other permissions, and it can even use Android work profiles to control a compromised device.
The list of 226 apps targeted specifically for BlackRock's credential theft includes Amazon, Google Play Services, Gmail, Microsoft Outlook, and Netflix, among others. Similarly, there are also 111 credit card theft target apps, which include popular names such as Facebook, Instagram, Skype, Twitter, and WhatsApp.
“Although BlackRock poses a new Trojan with an exhaustive target list, looking at previous unsuccessful attempts of actors to revive LokiBot through new variants, we can't yet predict how long BlackRock will be active on the threat landscape,” the researchers said.
Google hasn't provided any clarity on how it would handle the scope of BlackRock. That said, users are advised to avoid installing apps from unknown sources and to avoid granting permissions to unfamiliar apps.