Written by Shubham Sharma
Here's all you need to know about the malware and its attack.
Discovered in May by security researchers at ThreatFabric, the BlackRock malware is a trojan that builds on existing malware strains Xerxes, Parasite, MysteryBot, and LokiBot.
However, unlike its predecessors, the new strain has been enhanced with additional capabilities to target more apps and steal more information, including login credentials (usernames and passwords) and credit/debit card details.
According to the security firm, BlackRock attacks by showing a fake 'overlay' on top of legitimate apps.
When a user interacts with a service, the trojan detects that action and shows a screen, which looks like a part of the app (when it is not) and prompts the target to enter their confidential payment/login data.
This information, when submitted, goes to the malware's server.
In a report shared with ZDNet, the researchers at the security firm claimed that most of BlackRock's overlays appeared on top of social media, communication, and banking/money transfer apps for the purpose of phishing.
But that does not mean other categories are safe; the overlays also appeared on applications designed for dating, shopping, or accessing news, music and entertainment, and productivity services.
Some of the targeted apps mentioned in ThreatFabric's report are Payoneer, PayPal mobile cash, Gmail (!), Yahoo Mail, Microsoft Outlook, Amazon seller, Skrill, Uber, Netflix, Amazon shopping, Binance, YONO Lite SBI, IDBI Bank Go Mobile+, and iMobile by ICICI.
The BlackRock trojan can be injected into smartphones using shady apps rigged with the malware.
While no such app has been spotted on the Google Play Store (which could change in the future), there have been signs of the malware on third-party sites that are trying to distribute it under the guise of seemingly legitimate Google update packages.
That said, along with the phishing attack, BlackRock malware can also perform other critical functions on your phone.
These include intercepting text messages, performing SMS floods, spamming contacts with predefined SMSes, launching specific apps, logging key taps to steal passwords or other data, sending out custom push notifications to the infected device, and sabotaging antivirus apps, among other things.
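For readers who vet sideloaded apps, the following added example (not from ThreatFabric's report or the original article) triages a decoded Android manifest against the behaviours listed above. The permission-to-behaviour mapping, the threshold of three, and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from standard Android permissions to behaviours named in the article.
CAPABILITIES = {
    "android.permission.RECEIVE_SMS": "intercept text messages",
    "android.permission.READ_SMS": "intercept text messages",
    "android.permission.SEND_SMS": "SMS floods / spamming contacts",
    "android.permission.READ_CONTACTS": "spamming contacts",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw overlays on other apps",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "watch foreground app / log key taps",
}

# Constructed sample manifest (decoded XML form), not taken from a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.update">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Google Update">
    <service android:name=".Svc"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return (package, label, sorted list of matched behaviours)."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # Accessibility services are declared on <service>, not via <uses-permission>.
    perms |= {e.get(ANDROID + "permission") for e in root.iter("service")}
    app = root.find("application")
    label = app.get(ANDROID + "label", "") if app is not None else ""
    hits = sorted({CAPABILITIES[p] for p in perms if p in CAPABILITIES})
    return root.get("package"), label, hits

def is_suspicious(xml_text, threshold=3):
    """Flag apps whose manifest combines several of the listed behaviours."""
    return len(triage_manifest(xml_text)[2]) >= threshold

if __name__ == "__main__":
    pkg, label, hits = triage_manifest(SAMPLE_MANIFEST)
    verdict = "review before installing" if is_suspicious(SAMPLE_MANIFEST) else "ok"
    print(pkg, repr(label), verdict)
    for h in hits:
        print("  -", h)
```

Manifests inside an APK are stored as binary XML, so the file must first be decoded to text with a tool such as apktool. A match is a prompt for closer review, since legitimate messaging apps also request SMS and contact permissions.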