BlackRock Malware in India: Android malware often bypasses Google’s app review process. A few days back, we heard about the dangerous ‘Joker’ malware, which affected 24 apps on the Google Play Store. Now, a new malware named BlackRock has been identified that is stealing bank data. This malware has targeted a total of 337 Android apps. It is stealing information about bank accounts from apps like Gmail, Amazon, Netflix, and Uber. Mobile security firm ThreatFabric was the first to identify the BlackRock malware. According to a report by ThreatFabric, this malware acts like other banking Trojans. It not only steals users’ login credentials (username and password) but also prompts them to enter payment card details. ThreatFabric said:
“We believe that the threat actors / operators behind the Trojan have observed the increase in usage of online services during the pandemic situation and decided to abuse it. Dating apps, communication apps, social network apps, video apps, secondhand market apps and cryptocurrency apps… many of those have been included in the target list in addition to the banking apps. The target list of non-financial apps contains famous applications such as but not limited to Tinder, TikTok, PlayStation and Tumblr.”
BlackRock steals data just like any other malware. It is based on the leaked source code of another malware known as ‘Strain Xerxes’. BlackRock is used to steal users’ data during login to an app. For example, if you log in to a banking app on your phone by entering a user ID and password, this malware records them. BlackRock hides its icon from the app drawer as soon as it lands on your device. After this, users are unable to find out which app is causing the trouble. As a second step, it requests the phone's accessibility feature and asks for full access to the phone in the name of a Google Update. It takes access to messages, camera, gallery, etc. from the user and shows them fake Google update notifications. This lets the attackers keep getting information about what you do on the phone.
The technique with which the malware steals data is called overlays. Under this technique, the malware app has users log in with their account details on a fake web page, while the user believes it to be the original page.
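The two behaviours described above (an app with no launcher icon that holds the accessibility permission) can be checked on a device. The following is an added example, not code from ThreatFabric or from the original article: it assumes the inputs were collected with `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3`, that the set of packages with a launcher icon was gathered separately, and all package names in it are constructed sample data.

```python
# Added example: triage one Android device for a user-installed app that holds
# an accessibility service but shows no launcher icon.
# Every package name below is constructed sample data, not a real indicator.

def parse_accessibility(setting_value):
    """Parse the colon-separated 'pkg/ServiceClass' setting into {pkg: [class, ...]}."""
    services = {}
    for component in setting_value.strip().split(":"):
        if "/" not in component:      # empty setting, or the literal "null"
            continue
        pkg, cls = component.split("/", 1)
        services.setdefault(pkg, []).append(cls)
    return services

def parse_package_list(pm_output):
    """Parse 'package:<name>' lines as printed by `pm list packages -3`."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}

def triage(accessibility_setting, third_party_output, launcher_packages):
    """Return (package, severity, reason) for each user-installed accessibility service."""
    third_party = parse_package_list(third_party_output)
    findings = []
    for pkg, classes in sorted(parse_accessibility(accessibility_setting).items()):
        if pkg not in third_party:
            continue                  # preinstalled service: out of scope for this check
        if pkg in launcher_packages:
            findings.append((pkg, "review",
                             "user-installed accessibility service: " + ", ".join(classes)))
        else:
            findings.append((pkg, "high",
                             "accessibility service enabled and no launcher icon"))
    return findings

# Constructed sample inputs
SAMPLE_ACCESSIBILITY = ("com.example.vendor.screenreader/.ReaderService:"
                        "com.example.passwordmanager/.AutofillService:"
                        "com.example.gupdate/.UpdateService")
SAMPLE_THIRD_PARTY = ("package:com.example.passwordmanager\n"
                      "package:com.example.gupdate\n"
                      "package:com.example.game\n")
SAMPLE_LAUNCHER = {"com.example.passwordmanager", "com.example.game",
                   "com.example.vendor.screenreader"}

if __name__ == "__main__":
    for finding in triage(SAMPLE_ACCESSIBILITY, SAMPLE_THIRD_PARTY, SAMPLE_LAUNCHER):
        print(finding)
```

A "review" result is common for legitimate tools such as password managers; the "high" result is the combination the article describes and is the one to investigate first.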
Things BlackRock Malware can do on your system:
- SMS change
- Fake SMS delivery
- Contact spam
- Able to open any app
- Able to record keyboard typing
- Show bogus push notifications
- Show mobile antivirus app ads
Last year, the Google Play Store was flooded with Joker Malware. Now a new report by Check Point Research reveals a new type of Joker malware named Joker Dropper and Premium Dialer spyware. The report states that this latest Joker malware is able to download additional malware to the device. Once downloaded on the phone, the malware subscribes the user to premium services without their knowledge or consent.