New Android malware can steal your banking credentials, Government warns

Jul 30, 2020
11:43 pm

What's the story

The cybersecurity agency working for the Government of India has raised alarms over a dangerous new strain of malware on Android. It said that the program, named BlackRock, can compromise your smartphone and steal private data from its apps, including your confidential banking credentials and credit card numbers. Here's all you need to know about it.

Warning

CERT-In warning on BlackRock targeting 300+ apps

In a recently issued warning, the Computer Emergency Response Team of India (CERT-In) has claimed that BlackRock can steal your data, from login IDs and passwords to credit/debit card details, by targeting over 300 legitimate Android apps. These, the agency says, include not only banking and financial applications but also well-known non-financial apps for social communication, networking, entertainment, virtual currency, e-commerce, and more.

Information

Here are some of the targeted apps

Some of the targeted apps include Payoneer, PayPal mobile cash, Gmail, Yahoo Mail, Microsoft Outlook, Amazon seller, Skrill, Uber, Netflix, Amazon shopping, Binance, YONO Lite SBI, IDBI Bank Go Mobile+, and iMobile by ICICI.

Attack

How the malware attacks

BlackRock attacks by drawing a fake 'overlay' on top of a targeted legitimate app. When a user interacts with one of these apps, the trojan detects the action and displays a screen that looks like part of the app (but is not), prompting the victim to enter confidential payment or login data. Whatever is submitted is sent to the malware's server.

Other activities

Other malicious activities can also be performed

Along with stealing data, BlackRock can also trigger other critical functions on your phone. These include intercepting text messages, performing SMS floods, spamming contacts with predefined SMSes, launching specific apps, logging key taps to steal passwords or other data, sending custom push notifications to the infected device, and sabotaging antivirus apps.

Spread

Spreading via Google update packages

According to the CERT-In advisory, BlackRock campaigns are active globally through shady apps rigged with the malware. Although no such app has yet been spotted on the Google Play Store (which could change in the future), the malware has been seen on third-party sites that distribute it under the guise of seemingly legitimate Google update packages.

Quote

Using the update guise, it takes permissions

"When the malware is launched, it hides its icon from app drawer and masquerades itself as a fake Google update to request accessibility service privileges," the advisory adds. "Once this privilege is granted, it becomes free to grant itself additional permissions allowing it to function."
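As an added, defender-side illustration (not code from the article or the advisory), the following Java snippet for Android lists the accessibility services currently enabled on a device and flags the pattern the advisory describes: a non-system package that holds accessibility privileges while exposing no launcher icon. The class and method names are hypothetical, and the system-app and launcher-icon tests are heuristics for review, not a malware verdict.

```java
import android.accessibilityservice.AccessibilityServiceInfo;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.view.accessibility.AccessibilityManager;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical audit helper: which apps currently hold accessibility privileges? */
public final class AccessibilityAudit {
    /** One enabled accessibility service and the properties used to judge it. */
    public static final class Finding {
        public final String packageName;
        public final boolean systemApp;       // preinstalled with the OS/OEM image
        public final boolean hasLauncherIcon; // visible in the app drawer
        public final boolean suspicious;      // non-system and icon-less: the advisory's pattern

        Finding(String packageName, boolean systemApp, boolean hasLauncherIcon) {
            this.packageName = packageName;
            this.systemApp = systemApp;
            this.hasLauncherIcon = hasLauncherIcon;
            this.suspicious = !systemApp && !hasLauncherIcon;
        }
    }

    /** Returns one Finding per accessibility service that is switched on right now. */
    public static List<Finding> audit(Context ctx) {
        AccessibilityManager am =
                (AccessibilityManager) ctx.getSystemService(Context.ACCESSIBILITY_SERVICE);
        PackageManager pm = ctx.getPackageManager();
        List<Finding> findings = new ArrayList<>();
        // Only enabled services are returned, i.e. those granted by the user or by something acting as the user.
        for (AccessibilityServiceInfo info
                : am.getEnabledAccessibilityServiceList(AccessibilityServiceInfo.FEEDBACK_ALL_MASK)) {
            String pkg = info.getResolveInfo().serviceInfo.packageName;
            boolean system;
            try {
                ApplicationInfo ai = pm.getApplicationInfo(pkg, 0);
                system = (ai.flags & ApplicationInfo.FLAG_SYSTEM) != 0;
            } catch (PackageManager.NameNotFoundException e) {
                // Android 11+ hides other packages unless the auditing app declares <queries>
                // or QUERY_ALL_PACKAGES; an invisible package is treated as non-system here.
                system = false;
            }
            // A null launch intent means the package exposes no icon in the app drawer.
            boolean hasIcon = pm.getLaunchIntentForPackage(pkg) != null;
            findings.add(new Finding(pkg, system, hasIcon));
        }
        return findings;
    }
}
```

Any Finding with `suspicious == true` is a candidate for manual review in Settings > Accessibility, where the service can be switched off and the owning app uninstalled.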

Protection

What you can do for protection

To avoid this malware, CERT-In recommends downloading apps only from official sources and avoiding all untrusted platforms. Secondly, even on trusted marketplaces, check an app's download count, ratings, and reviews to be sure of its authenticity. Lastly, use device-encrypted SD cards and do not connect to unknown, unsecured Wi-Fi networks.