Beware of fake Google update packages: BlackRock, currently the most dangerous Android malware, is being distributed in the guise of fake Google update packages. Avoid downloading and installing updates for your Android apps from third-party websites, because some of them offer fake Google updates that contain the malware. This new malware is so powerful that it can make all antivirus applications useless. Third-party websites do offer plenty of safe applications, but there is also a higher possibility that they offer dangerous ones. These websites can infect your mobile device with harmful code such as ransomware.
Fortunately, BlackRock has not reached the Google Play Store yet, but it may reach it soon.
What is Android malware BlackRock?
A team of security researchers, ThreatFabric analysts, has discovered a new Android malware called BlackRock. BlackRock, an Android banking Trojan, is an upgraded version of another Android malware called Xerxes. It isn't a new strain of malware; it is derived from a malware called LokiBot. BlackRock can target more apps than previous malware.
The source code of BlackRock is derived from the existing Xerxes banking malware, which is a known strain of the LokiBot Android banking Trojan. Equipped with more enhanced features, BlackRock can steal credit card data and credentials such as usernames and passwords from almost 337 apps, including:
- Yahoo Mail
- Financial Apps
- Social Media Apps like Facebook Messenger, Twitter, Instagram, WhatsApp, Facebook, Facebook Lite
- Dating Apps
- Lifestyle Apps
- Productivity Apps
- Google Hangouts
- Google Pay
BlackRock can steal your login credentials, including password and username. If the infected app gives permission for monetary transactions, it can also trick users into sharing their debit or credit card details.
Basic info on BlackRock Android malware
- New Android malware: BlackRock
- Spotted in May 2020
- Discovered by ThreatFabric analysts
- Steals data from at least 337 Android apps
- Based on the leaked source code of the Xerxes strain
How does BlackRock Android malware work
BlackRock works like most Android malware. After it is installed on the device, the malware hides itself from the app drawer, which makes it invisible to the user. When a user enters credit card details or login details, the malware sends them to the hacker's server. BlackRock uses the phone's Accessibility feature and an Android DPC (device policy controller) to grant itself access to other permissions. It keeps track of the targeted apps in the following ways:
1. Android’s Accessibility
First, BlackRock takes control of Android's Accessibility feature. After it is installed on the device, BlackRock looks for the affected apps and asks the user to grant access to the phone's Accessibility feature. It presents this as a routine request for Accessibility service privileges. Once the privileges are granted, it automatically gives itself access to the other most important permissions.
After installation, the malware starts to monitor the target apps. Whenever you enter any sensitive information, such as passwords, usernames or banking application login details, it automatically sends these details to the hacker's server. Android's Accessibility features are very powerful and can be used to automate and perform tasks on the user's behalf.
After taking control of Accessibility, BlackRock uses a device policy controller (DPC) to create overlays and get admin access to the phone, which lets it perform a wide range of automated tasks, including:
- SMS interception: harvesting, sending and stealing SMS
- Logging key taps
- Device info collection
- AV detection
- Hiding notifications
- Locking the screen remotely
- Spamming contacts with predefined messages
- Self-protection: hiding the app icon
2. Overlays Trick
BlackRock uses a method called “overlays”. When a user starts to enter card details or login details in a legitimate app, a fake window pops up to steal the data. After it is installed on your device, the malware starts to infect applications. The infected applications ask the user to allow the Accessibility features of the phone. Once permission is given, the app can easily access your device.
Overlays are fake windows that pop up whenever you try to log in to an app. To record the data entered by the user, BlackRock pops up a fake overlay to fool the end user. This new Android malware's overlays focus on phishing social media, financial and communication apps.
How to protect your phone from BlackRock malware
Stay alert to new Android malware and don't install fake Google update packages from third-party websites.
Don't download any updates or apps from unauthorized websites.
Only precautions can prevent your device from being harmed.
- Download apps only from the Google Play Store, and check the app permissions.
- Be alert to phishing emails and spam.
- Use a strong password and an antivirus app.
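As an added example (not from the original article or from ThreatFabric), the script below turns the "Play Store only, check permissions" advice into a check for the pattern described above: an app that holds an Accessibility service but was not installed from Google Play. It parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i`; the package names, the sample output and the trusted-installer set are constructed assumptions.

```python
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = ("com.google.android.marvin.talkback/"
               "com.google.android.marvin.talkback.TalkBackService:"
               "com.example.googleupdate/.UpdateService")

# Constructed sample of: adb shell pm list packages -3 -i (third-party apps only)
SAMPLE_PACKAGES = """\
package:com.example.googleupdate  installer=null
package:com.example.notes  installer=com.android.vending
package:com.example.game  installer=com.google.android.packageinstaller
"""

def parse_accessibility_services(raw):
    """Return {package: [service class, ...]} from the colon-separated setting."""
    services = {}
    for component in raw.strip().split(":"):
        if "/" not in component:
            continue  # empty setting, or the literal string "null"
        package, cls = component.split("/", 1)
        services.setdefault(package, []).append(cls)
    return services

def parse_installers(raw):
    """Return {package: installer or None} from 'pm list packages -i' output."""
    installers = {}
    for line in raw.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def flag_risky(a11y_raw, packages_raw):
    """Third-party apps with an enabled Accessibility service and an untrusted installer."""
    installers = parse_installers(packages_raw)
    findings = []
    for package, classes in sorted(parse_accessibility_services(a11y_raw).items()):
        # Packages missing from the -3 listing are preinstalled system apps; skip them.
        if package in installers and installers[package] not in TRUSTED_INSTALLERS:
            findings.append((package, installers[package], classes))
    return findings

if __name__ == "__main__":
    for package, installer, classes in flag_risky(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print(f"REVIEW {package}: accessibility service {classes}, installer={installer}")
```

A flagged package is a candidate for manual review, not proof of infection: legitimate sideloaded accessibility tools will also appear.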
I have described above BlackRock, the most dangerous Android malware.
BlackRock Android malware is an enhanced, upgraded version of Xerxes.
This article also covered what BlackRock Android malware is and how it works.