Criminals continue to find new ways to try to steal data from our mobile devices, and the most recent method is Android malware that targets 337 applications.

As ZDNet reports, the malware is called BlackRock and was discovered by the security company ThreatFabric. BlackRock is not completely new: it is derived from the leaked source code of the Xerxes malware, which is itself a variant of the LokiBot banking Trojan. The biggest concern with BlackRock is the large number of applications it can target in its attempts to steal data.

Once installed on the device, BlackRock monitors for the moment when one of the legitimate applications it targets is opened. At that point, an "overlay" pops up on the screen that looks like the legitimate application but is actually fake. The unsuspecting user enters their login name and/or card details, and BlackRock sends them to a server while returning the user to the legitimate application.

BlackRock obtains root user access by requesting accessibility service privileges when it is first installed. Currently, it is not in the Play Store, but reaches devices through fake Google updates in third-party stores. As ThreatFabric explained, "Once the user grants the requested accessibility service privileges, BlackRock grants them other permissions. These additional permissions are necessary for the robot to function normally without further interaction with the victim. After completion, the robot can function normally to receive commands from the C2 server and perform an overlay attack."
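A defender-side check for the pattern described above (an app sideloaded from outside the Play Store that holds an enabled accessibility service), as an added example that is not from ThreatFabric or the article. It parses the output of two standard adb commands; the sample outputs and package names are constructed, and the function names are illustrative.

```python
import re

PLAY_STORE = "com.android.vending"

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.update/com.example.update.SyncService"
)

# Constructed sample of: adb shell pm list packages -3 -i  (user-installed apps only)
SAMPLE_PACKAGES = """\
package:com.example.update  installer=null
package:com.example.bank  installer=com.android.vending
package:com.example.reader  installer=com.example.thirdpartystore
"""

def parse_installers(listing):
    """Map package name -> installer from `pm list packages -3 -i` output."""
    installers = {}
    for line in listing.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def parse_services(setting):
    """Split the colon-separated component list into (package, class) pairs."""
    pairs = []
    for comp in setting.strip().split(":"):
        if "/" in comp:  # the literal value "null" (nothing enabled) has no slash
            pkg, cls = comp.split("/", 1)
            pairs.append((pkg, cls))
    return pairs

def sideloaded_accessibility(setting, listing):
    """Return enabled accessibility services owned by user-installed packages
    whose recorded installer is not the Play Store."""
    installers = parse_installers(listing)
    flagged = []
    for pkg, cls in parse_services(setting):
        # Packages absent from the -3 listing are preloaded system apps; skip them.
        if pkg in installers and installers[pkg] != PLAY_STORE:
            flagged.append((pkg, cls, installers[pkg]))
    return flagged

if __name__ == "__main__":
    for pkg, cls, src in sideloaded_accessibility(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"review: {pkg} ({cls}) installer={src}")
```

A hit is a prompt for review, not a verdict: legitimately sideloaded accessibility tools are flagged as well.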

In addition to fake overlays, BlackRock can also perform keylogging, permission granting, SMS collection and sending, screen locking, device information collection, notification collection, and AV detection, and it can hide its application icon and prevent itself from being deleted. The applications targeted by the malware cover the usual financial and social applications, but its net has also been widened to include books and reference, business, communications, dating, entertainment, lifestyle, music and audio, news and magazines, tools, and video players and editors, among other categories.

Obviously, BlackRock is a very powerful piece of malware, but it has not yet appeared in the Google Play Store, the key word being "yet". ThreatFabric concluded: "We cannot yet predict how long BlackRock will be active in the threat field," but then said, "The most important aspect to take care of is to ensure the security of online banking channels, making fraud difficult to enforce, so that criminals are not encouraged to create more malware."
