This malware can steal passwords, card data from 300+ apps
What's the story
After Joker, a new strain of malware called 'BlackRock' has surfaced on the internet. It affects the Android platform, just like Joker, and is capable of stealing confidential passwords and card data from as many as 337 applications, including some pretty popular ones, ZDNet reported. Here's all you need to know about the malware and its attack.
Malware
Building on existing Android malware strains
Discovered in May by security researchers at ThreatFabric, the BlackRock malware is a trojan that builds on existing malware strains Xerxes, Parasite, MysteryBot, and LokiBot. However, unlike its predecessors, the new strain has been advanced with additional capabilities to target more apps and steal more information, including login credentials - complete with usernames and passwords - and credit/debit card details.
Attack
How the malware attacks?
According to the security firm, BlackRock attacks by showing a fake 'overlay' on top of legitimate apps. When a user interacts with a service, the trojan detects that action and shows a screen, which looks like a part of the app (when it is not) and prompts the target to enter their confidential payment/login data. This information, when submitted, goes to the malware's server.
Details
Overlays can appear on top of several apps
In a report shared with ZDNet, the researchers at the security firm claimed that most of BlackRock's overlays appeared on top of social media, communication, and banking/money transfer apps for the purpose of phishing. But, that does not mean other categories are safe; the overlays also appeared on applications designed for dating, shopping or accessing news, music and entertainment, and productivity services.
Information
Here are some of the targeted apps
Some of the targeted apps mentioned in ThreatFabric's report are Payoneer, PayPal mobile cash, Gmail (!), Yahoo Mail, Microsoft Outlook, Amazon seller, Skrill, Uber, Netflix, Amazon shopping, Binance, YONO Lite SBI, IDBI Bank Go Mobile+, and iMobile by ICICI.
Spread
Spreading via Google update packages
The BlackRock trojan can be injected into smartphones using shady apps rigged with the malware. While any such app has not been spotted on the Google Play Store (which could change in the future), there have been signs of the malware on third-party sites that are trying to distribute it under the guise of seemingly legitimate Google update packages.
Other problems
BlackRock can perform other malicious activities too
That said, along with the phishing attack, BlackRock malware can also perform other critical functions on your phone. This includes things like intercepting text messages, performing SMS floods, spamming contacts with predefined SMSes, launching specific apps, logging key taps to steal passwords or other data, sending out custom push notifications to the infected device, and sabotaging antivirus apps, among other things.