BlackRock Malware steals data from 337 Android apps

July 20, 2020, by Horst Buchwald

The Hague, July 20, 2020

The Dutch security company ThreatFabric has discovered the malware "BlackRock". It can pull data from around 337 apps. Its targets include social, communication and dating apps.

A special feature of this tool is the enormous number of apps from which it can steal data. One explanation for this is probably that the data theft procedure is not recognizable to the user. Once BlackRock is installed on a device, it monitors for and detects when one of the apps it targets is opened. At this point, an "overlay" appears on the screen that looks like the real app but is actually fake. Since the user does not recognize this, they enter their login and/or card details, and BlackRock sends them to a server.

BlackRock gains root access by asking for Accessibility Service permissions during the initial installation. The Accessibility Services enable an application to interact with other apps. An accessibility app runs in the background and responds to an event in another app, for example by overlaying screen contents or automatically filling in text fields. In addition, the researchers found that the malware could interfere with the use of antivirus software such as Avast, AVG, BitDefender, Eset, Trend Micro, Kaspersky or McAfee.

BlackRock is not currently in the Play Store; it infiltrates devices by being offered as a fake Google Update in third-party stores. ThreatFabric explains: "Once the user has granted the requested Accessibility Service privilege, BlackRock first grants additional permissions. These additional permissions are required so that the bot is fully functional without having to interact with the victim. When done, the bot is ready to receive commands from the C2 server and execute the overlay attacks."
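A defender-side check for the pattern described above (an app from outside the Play Store holding an Accessibility Service), as an added example that is not from ThreatFabric or the original article. It parses the output of three standard Android commands named in the comments; the sample outputs and package names are constructed, and treating Google Play as the only trusted installer is an assumption.

```python
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def parse_enabled_services(raw):
    """Output of: adb shell settings get secure enabled_accessibility_services
    Colon-separated component names (package/class), or 'null' when none are enabled."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    return [c for c in raw.split(":") if "/" in c]

def parse_installers(raw):
    """Output of: adb shell pm list packages -i  ->  {package: installer or None}"""
    result = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)", raw, re.M):
        result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result

def parse_system_packages(raw):
    """Output of: adb shell pm list packages -s  ->  set of preinstalled packages"""
    return set(re.findall(r"^package:(\S+)", raw, re.M))

def flag_accessibility_services(services_raw, installers_raw, system_raw):
    """Return (package, component, installer) for every enabled accessibility
    service whose package is neither preinstalled nor installed by a trusted store."""
    installers = parse_installers(installers_raw)
    system = parse_system_packages(system_raw)
    findings = []
    for component in parse_enabled_services(services_raw):
        package = component.split("/", 1)[0]
        if package in system:
            continue  # preinstalled apps report installer=null but are not sideloaded
        installer = installers.get(package)
        if installer not in TRUSTED_INSTALLERS:
            findings.append((package, component, installer or "sideloaded/unknown"))
    return findings

# Constructed sample outputs (not from a real device).
SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
            "com.example.passwordmgr/.FillService:com.example.update/.SyncService")
INSTALLERS = """package:com.google.android.marvin.talkback  installer=null
package:com.example.passwordmgr  installer=com.android.vending
package:com.example.update  installer=null
"""
SYSTEM = "package:com.google.android.marvin.talkback\n"

if __name__ == "__main__":
    for pkg, comp, inst in flag_accessibility_services(SERVICES, INSTALLERS, SYSTEM):
        print(f"REVIEW: {pkg} holds accessibility service {comp} (installer: {inst})")
```

A flagged entry is a prompt for review, not proof of infection: legitimately sideloaded accessibility tools will also appear.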

In addition to the fake overlays, BlackRock can, among other things, log keystrokes, collect and send SMS, lock the screen and capture device information.

The apps targeted by the malware include the usual financial and social apps and span the categories books and reference, business, communication, dating, entertainment, lifestyle, music and audio, news and magazines, tools, and video players & editors.

ThreatFabric believes BlackRock is a very robust malware strain. It is also not foreseeable how long BlackRock will remain active in the threat landscape. However, the company emphasizes: "The most important aspect to take care of is securing the online banking channels."