BlackRock – no, it is not the name of a new liquor, but a new Android malware (Android virus) discovered by researchers at ThreatFabric. According to the researchers, this new malware has a wide range of data theft capabilities, allowing it to target a whopping 337 Android applications.
The researchers have confirmed that the malware is based on the leaked source code of the existing malware known as “Xerxes”, which was itself based on the leaked code of another malware strain. However, the new BlackRock malware has enhanced capabilities and additional features aimed at “User passwords” and “Credit Card” information.
In terms of functionality, BlackRock still works like the banking trojans that came before it; the only difference from its predecessors is that it can target more applications.
BlackRock steals both halves of a login credential, in other words both the “Username/Email” and the “Password”. It will also prompt the victim to enter their payment details if the targeted app supports financial transactions.
How does BlackRock Malware collect the data?
According to the ThreatFabric researchers, the data is collected with the help of a technique called “Overlays”. This technique displays a fake window on top of the legitimate app and steals whatever the user types into it.
In other words, if you open the original payment application, the malware displays a fake window on top of it; that window captures your login credentials or payment details before letting you enter them into the original application.
According to ThreatFabric researchers, the vast majority of BlackRock's overlays target financial apps and social media/communication apps.
However, there are also overlays aimed at phishing data from Dating, News, Shopping, Lifestyle and Productivity Android applications.
The Basic Working
BlackRock is not unique; under the covers it works like any other older malware. To show this, the ThreatFabric researchers explained its basic working.
Once installed on an Android phone/device, the application injected with the BlackRock malware asks the user to grant it the phone's Accessibility permission. Accessibility is one of the most powerful features in Android, as it can automate tasks on the device and can even be used to perform “screen taps” on the user's behalf.
The malware uses this feature to grant itself all the permissions it needs, and uses Android's Device Policy Controller to give itself device administrator rights. It then uses those admin-level rights to show the malicious “Overlays”.
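Because this whole chain starts with the user enabling an accessibility service, a cheap triage check on a suspect device is to compare the enabled accessibility services against a known-good list. The script below is an added example (not from the ThreatFabric report); the allowlist entry and the `com.update.google.fake` package are constructed values, and the live command it mirrors is `adb shell settings get secure enabled_accessibility_services`.

```shell
#!/bin/sh
# Added triage helper: flag enabled Android accessibility services that are
# not on an allowlist. Live use:
#   ENABLED="$(adb shell settings get secure enabled_accessibility_services)"
# The setting is a colon-separated list of "package/ServiceClass" entries;
# the demo below feeds it a constructed value instead of a real device.

# Known-good service components (example value: Google's TalkBack screen reader).
ALLOWLIST="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"

# Print each enabled service missing from ALLOWLIST, one per line.
# $1: raw setting value. Returns 0 if everything is allowlisted, 1 otherwise.
unexpected_accessibility_services() {
  raw="$1"
  found=0
  # `settings get` prints "null" when no service has ever been enabled.
  if [ -z "$raw" ] || [ "$raw" = "null" ]; then return 0; fi
  old_ifs="$IFS"
  set -f                 # no filename globbing while splitting
  IFS=':'
  set -- $raw            # split the list into positional parameters
  IFS="$old_ifs"
  set +f
  for entry in "$@"; do
    [ -z "$entry" ] && continue
    case ":$ALLOWLIST:" in
      *":$entry:"*) ;;                          # known-good, skip
      *) printf '%s\n' "$entry"; found=1 ;;     # unexpected, report
    esac
  done
  return $found
}

# Constructed sample: legitimate TalkBack plus a service from a fake
# "Google update" package (hypothetical name for the demo).
SAMPLE="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.update.google.fake/.AccService"

if unexpected_accessibility_services "$SAMPLE"; then
  echo "OK: only allowlisted accessibility services are enabled"
else
  echo "ALERT: unexpected accessibility service(s) enabled; review the device before trusting it"
fi
```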
ThreatFabric confirmed that the malware can also perform intrusive operations such as:
- Intercepting SMS messages
- SMS flooding (spamming by sending SMS repeatedly)
- Launching specific applications
- Logging every key tap the user makes (keylogger functionality)
- Showing custom push notifications
- Sabotaging/disabling the antivirus application, and much more
Source – Original Report by ThreatFabric.
Distribution of the Malware – How is it happening?
Currently, the BlackRock malware is disguised as a fake Google Update package and distributed via third-party websites. It has not yet been spotted on the official Google Play Store. But in the past, the malware that came before BlackRock always found a way to bypass Google's “Application Review” process, and there is no doubt it will happen this time too; sooner or later we will see BlackRock-injected applications on the Play Store.