Researchers at ThreatFabric, a mobile security firm, have found a new Android malware called BlackRock, which targets about 337 apps to steal sensitive data from victims. The malware has also been seen scraping and exfiltrating credit card details, intercepting messages, popping up notifications, etc.
BlackRock Malware Found Stealing Data From 337 Android apps
Android malware has been growing along with the number of users, which rises every day. This leads adversaries to focus more on creating Android malware to take advantage of the growing base. Today, as ZDNet reported, ThreatFabric researchers have discovered a new malware strain called BlackRock, which was found to be targeting about 337 Android apps of various categories to steal sensitive data from users.
Researchers say the malware is distributed through third-party websites disguised as a Google Update, which the user has to download. Once installed, it instead asks for root permissions such as the Accessibility allowance. Accessibility on Android handsets gives the app root access and, moreover, lets the author automate tasks and perform various actions without the user's knowledge.
Further, as decoded by researchers, BlackRock uses a known technique called "overlay", where it waits for the user to open a targeted app and pops up a window asking the user to log in with their credentials to gain access.
Soon after the details are submitted, they are sent to the hacker's server, and the user is then allowed to access the underlying app. Besides, it also checks for banking or shopping apps and shows a fake payment page to capture credit card data too.
Though it uses a common technique to steal data, it stands out because it targets a wider range of apps in its campaign. The range includes financial, social media, instant messaging, dating, news, shopping, lifestyle, and productivity apps.
This malware seems to have been crafted using the leaked source code of another similar malware, with many features added to enhance its data-stealing capabilities. Besides stealing data, it can also spam contacts with predefined SMS messages, carry out SMS floods, intercept SMS messages, log keystrokes, show custom push notifications and even disable mobile antivirus apps.
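The delivery path described above (a sideloaded "Google Update" that then obtains Accessibility) can be checked for on a device. The following is an added example, not code from ThreatFabric or the original article: it cross-references the enabled Accessibility services with the installer recorded for each third-party package. The package names, the sample command output and the trusted-installer list are constructed assumptions.

```python
import re

# Assumption: only Google Play counts as a trusted installer; extend for managed fleets.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = ("com.example.reader/com.example.reader.ReadAloudService:"
               "com.example.fakeupdate/com.example.fakeupdate.UpdateService")

# Constructed sample of: adb shell pm list packages -3 -i
SAMPLE_PACKAGES = """\
package:com.example.reader  installer=com.android.vending
package:com.example.fakeupdate  installer=null
package:com.example.notes  installer=null
"""

_PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def accessibility_packages(setting):
    """Package names from a colon-separated list of pkg/service components."""
    setting = (setting or "").strip()
    if setting in ("", "null"):  # the setting reads "null" when nothing is enabled
        return set()
    return {c.split("/", 1)[0] for c in setting.split(":") if "/" in c}


def third_party_installers(listing):
    """Map package -> recorded installer from `pm list packages -3 -i` output."""
    result = {}
    for line in listing.splitlines():
        m = _PKG_LINE.match(line.strip())
        if m:
            result[m.group(1)] = m.group(2)
    return result


def suspicious_accessibility_apps(setting, listing):
    """Third-party apps holding Accessibility that no trusted store installed."""
    installers = third_party_installers(listing)
    return sorted(
        pkg for pkg in accessibility_packages(setting)
        if pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS
    )


if __name__ == "__main__":
    for pkg in suspicious_accessibility_apps(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print("review:", pkg)
```

A sideloaded app without Accessibility (`com.example.notes` in the sample) is not reported; the check only surfaces the combination the article describes.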