This malware can steal passwords, card data from 300+ apps

Jul 16, 2020
07:39 pm

What's the story

After Joker, a new strain of malware called 'BlackRock' has surfaced on the internet. It affects the Android platform, just like Joker, and is capable of stealing confidential passwords and card data from as many as 337 applications, including some pretty popular ones, ZDNet reported. Here's all you need to know about the malware and its attack.

Malware

Building on existing Android malware strains

Discovered in May by security researchers at ThreatFabric, the BlackRock malware is a trojan that builds on existing malware strains Xerxes, Parasite, MysteryBot, and LokiBot. However, unlike its predecessors, the new strain has been enhanced with additional capabilities to target more apps and steal more information, including login credentials (usernames and passwords) and credit/debit card details.

Attack

How does the malware attack?

According to the security firm, BlackRock attacks by showing a fake 'overlay' on top of legitimate apps. When a user interacts with a service, the trojan detects that action and shows a screen that looks like part of the app (when it is not) and prompts the target to enter their confidential payment/login data. This information, when submitted, goes to the malware's server.

Details

Overlays can appear on top of several apps

In a report shared with ZDNet, the researchers at the security firm claimed that most of BlackRock's overlays appeared on top of social media, communication, and banking/money transfer apps for the purpose of phishing. But that does not mean other categories are safe; the overlays also appeared on applications designed for dating, shopping, or accessing news, music and entertainment, and productivity services.

Information

Here are some of the targeted apps

Some of the targeted apps mentioned in ThreatFabric's report are Payoneer, PayPal mobile cash, Gmail (!), Yahoo Mail, Microsoft Outlook, Amazon seller, Skrill, Uber, Netflix, Amazon shopping, Binance, YONO Lite SBI, IDBI Bank Go Mobile+, and iMobile by ICICI.

Spread

Spreading via Google update packages

The BlackRock trojan can be injected into smartphones using shady apps rigged with the malware. While no such app has been spotted on the Google Play Store (which could change in the future), there have been signs of the malware on third-party sites that are trying to distribute it under the guise of seemingly legitimate Google update packages.

Other problems

BlackRock can perform other malicious activities too

That said, along with the phishing attack, BlackRock malware can also perform other critical functions on your phone. This includes things like intercepting text messages, performing SMS floods, spamming contacts with predefined SMSes, launching specific apps, logging key taps to steal passwords or other data, sending out custom push notifications to the infected device, and sabotaging antivirus apps, among other things.