New Android malware can steal your banking credentials, Government warns
What's the story
The cybersecurity agency working for the Government of India has raised alarms over a dangerous new strain of malware on Android. It said that the program, named BlackRock, can compromise your smartphone and steal private data from its apps, including your confidential banking credentials and credit card numbers. Here's all you need to know about it.
Warning
CERT-in warning on BlackRock targeting 300+ apps
In a recently-issued warning, the Computer Emergency Response Team of India (CERT-In) has claimed that BlackRock can steal your data, from login IDs and passwords to credit/debit card details, using over 300 legitimate Android apps. This, the agency says, not only includes banking and financial applications but also non-financial well-known apps that focus on social communication, networking, entertainment, virtual currency, e-commerce, et al.
Information
Here are some of the targeted apps
Some of the targeted apps include Payoneer, PayPal mobile cash, Gmail, Yahoo Mail, Microsoft Outlook, Amazon seller, Skrill, Uber, Netflix, Amazon shopping, Binance, YONO Lite SBI, IDBI Bank Go Mobile+, and iMobile by ICICI.
Attack
How the malware attacks?
BlackRock attacks by showing a fake 'overlay' on top of the targeted legitimate apps. When a user interacts with the service, the trojan detects that action and shows a screen, which looks like a part of the app (when it is not) and prompts the target to enter their confidential payment/login data. This information, when submitted, goes to the malware's server.
Other activities
Other malicious activities can also be performed
Along with stealing data, BlackRock malware can also trigger other critical functions on your phone. This includes things like intercepting text messages, performing SMS floods, spamming contacts with predefined SMSes, launching specific apps, logging key taps to steal passwords or other data, sending out custom push notifications to the infected device, and sabotaging antivirus apps, etc.
Spread
Spreading via Google update packages
According to the CERT-in advisory, BlackRock attacks are active globally through shady apps rigged with malware. Now, even though no such app has been spotted on the Google Play Store (which could change in the future), there have been signs of the malware on third-party sites that are trying to distribute it under the guise of seemingly legitimate Google update packages.
Quote
Using the update guise, it takes permissions
"When the malware is launched, it hides its icon from app drawer and masquerades itself as a fake Google update to request accessibility service privileges," the advisory adds. "Once this privilege is granted, it becomes free to grant itself additional permissions allowing it to function."
Protection
What you can do for protection
To avoid this malware, CERT-in recommends downloading apps only from official sources and avoiding all untrusted platforms. Secondly, even when you use trusted marketplaces, make sure to check app downloads, ratings, and reviews to be sure about the authenticity of the program in question. Lastly, use device encrypted SD cards and do not connect to unknown, unsecured Wi-Fi networks.