icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm

BlackRock alert: New malware can steal passwords and card info from over 300 different Android apps

BlackRock alert: New malware can steal passwords and card info from over 300 different Android apps
Analysts have uncovered a new strain of malware that hides itself from Android users and poses as Google updates, in yet another example of increased hacking activity during the pandemic.

Discovered by mobile security firm ThreatFabric in May, the new malware, dubbed ‘BlackRock’, shares a common ancestry with previous banking trojan malware LokiBot.

LokiBot, considered a dead malware for some time now, infiltrates systems and harvests their information.

In the same vein, BlackRock, which shares a common source code ancestry with LokiBot and affects Android devices, invades victims’ devices once downloaded onto a system.

One of the key differentiating factors is that, instead of only targeting banking apps like previous trojans, BlackRock targets a variety of social networking, communication and dating applications.

Also on rt.com Locked up away from coronavirus, but not from mobile viruses? Number of malicious Android apps double, research reveals

It is thought that the change in target could be down to the fact that, with the world locked up because of Covid-19, hackers have noticed new opportunities for nefarious activity. 

“It therefore seems that the actors behind BlackRock are trying to abuse the growth in online socializing that increased rapidly in the last months due to the pandemic situation,” ThreatFabric’s statement states.

The malware works via ‘overlays’, fake windows placed over legitimate apps that collect login and card data.

Users who download a BlackRock-infected app are then asked to grant it access to the phone's Accessibility feature, which allows it to automate and perform its heinous behaviors.

But that’s not all: such access can also allow the malware to intercept SMS messages, spam contacts, log key taps and even sabotage mobile antivirus apps. The full list of actions can be found in the report.

BlackRock currently disguises itself as fake Google update packages offered on third-party sites, and has yet to be seen on the Google Play app store.

It is usually only a matter of time before such malware migrates, however, as has been documented with past threats.

Also on rt.com Malware hidden in CVs takes advantage of Covid unemployment

Like this story? Share it with a friend!

Dear readers and commenters,

We have implemented a new engine for our comment section. We hope the transition goes smoothly for all of you. Unfortunately, the comments made before the change have been lost due to a technical problem. We are working on restoring them, and hoping to see you fill up the comment section with new ones. You should still be able to log in to comment using your social-media profiles, but if you signed up under an RT profile before, you are invited to create a new profile with the new commenting system.

Sorry for the inconvenience, and looking forward to your future comments,

RT Team.