icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
17 Jul, 2020 12:48

BlackRock alert: New malware can steal passwords and card info from over 300 different Android apps

BlackRock alert: New malware can steal passwords and card info from over 300 different Android apps

Analysts have uncovered a new strain of malware that hides itself from Android users and poses as Google updates, in yet another example of increased hacking activity during the pandemic.

Discovered by mobile security firm ThreatFabric in May, the new malware, dubbed ‘BlackRock’, shares a common ancestry with previous banking trojan malware LokiBot.

LokiBot, considered a dead malware for some time now, infiltrates systems and harvests their information.

In the same vein, BlackRock, which shares a common source code ancestry with LokiBot and affects Android devices, invades victims’ devices once downloaded onto a system.

One of the key differentiating factors is that, instead of only targeting banking apps like previous trojans, BlackRock targets a variety of social networking, communication and dating applications.

Also on rt.com Locked up away from coronavirus, but not from mobile viruses? Number of malicious Android apps double, research reveals

It is thought that the change in target could be down to the fact that, with the world locked up because of Covid-19, hackers have noticed new opportunities for nefarious activity. 

“It therefore seems that the actors behind BlackRock are trying to abuse the growth in online socializing that increased rapidly in the last months due to the pandemic situation,” ThreatFabric’s statement states.

The malware works via ‘overlays’, fake windows placed over legitimate apps that collect login and card data.

Users who download a BlackRock-infected app are then asked to grant it access to the phone's Accessibility feature, which allows it to automate and perform its heinous behaviors.

But that’s not all: such access can also allow the malware to intercept SMS messages, spam contacts, log key taps and even sabotage mobile antivirus apps. The full list of actions can be found in the report.

BlackRock currently disguises itself as fake Google update packages offered on third-party sites, and has yet to be seen on the Google Play app store.

It is usually only a matter of time before such malware migrates, however, as has been documented with past threats.

Also on rt.com Malware hidden in CVs takes advantage of Covid unemployment

Like this story? Share it with a friend!