Written by Shubham Sharma
It said that the program, named BlackRock, can compromise your smartphone and steal private data from its apps, including your confidential banking credentials and credit card numbers.
Here's all you need to know about it.
In a recently-issued warning, the Computer Emergency Response Team of India (CERT-In) has claimed that BlackRock can steal your data, from login IDs and passwords to credit/debit card details, using over 300 legitimate Android apps.
This, the agency says, includes not only banking and financial applications but also well-known non-financial apps that focus on social communication, networking, entertainment, virtual currency, e-commerce, etc.
Some of the targeted apps include Payoneer, PayPal mobile cash, Gmail, Yahoo Mail, Microsoft Outlook, Amazon seller, Skrill, Uber, Netflix, Amazon shopping, Binance, YONO Lite SBI, IDBI Bank Go Mobile+, and iMobile by ICICI.
BlackRock attacks by showing a fake 'overlay' on top of the targeted legitimate apps.
When a user interacts with the service, the trojan detects that action and shows a screen that looks like part of the app (when it is not) and prompts the target to enter their confidential payment/login data.
This information, when submitted, goes to the malware's server.
Along with stealing data, BlackRock malware can also trigger other critical functions on your phone.
These include intercepting text messages, performing SMS floods, spamming contacts with predefined SMSes, launching specific apps, logging key taps to steal passwords or other data, sending out custom push notifications to the infected device, and sabotaging antivirus apps.
According to the CERT-In advisory, BlackRock attacks are active globally through shady apps rigged with malware.
Now, even though no such app has been spotted on the Google Play Store (which could change in the future), there have been signs of the malware on third-party sites that are trying to distribute it under the guise of seemingly legitimate Google update packages.
"When the malware is launched, it hides its icon from app drawer and masquerades itself as a fake Google update to request accessibility service privileges," the advisory adds. "Once this privilege is granted, it becomes free to grant itself additional permissions allowing it to function."
To avoid this malware, CERT-In recommends downloading apps only from official sources and avoiding all untrusted platforms.
Secondly, even when you use trusted marketplaces, make sure to check app downloads, ratings, and reviews to be sure about the authenticity of the program in question.
Lastly, use device-encrypted SD cards and do not connect to unknown, unsecured Wi-Fi networks.
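The advisory quoted above says the malware is sideloaded as a fake Google update and then depends on being granted accessibility service privileges. As an added example (not from CERT-In or this article), the Python below audits `adb` output for enabled accessibility services whose package is neither preinstalled nor installed through Google Play; the package names and sample outputs are constructed, and the trusted-installer list is an assumption.

```python
import re

# Constructed sample inputs (not from a real device). On a handset these come from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i      (package -> installer)
#   adb shell pm list packages -s      (preinstalled system packages)
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.gupdate/com.example.gupdate.UpdateService")
SAMPLE_INSTALLERS = """\
package:com.google.android.marvin.talkback  installer=null
package:com.example.gupdate  installer=null
package:com.example.notes  installer=com.android.vending
"""
SAMPLE_SYSTEM = "package:com.google.android.marvin.talkback\n"

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; assumption, extend as needed


def parse_pm_list(output):
    """Map package name -> installer (None when absent or 'null')."""
    packages = {}
    for line in output.splitlines():
        m = re.match(r"package:(\S+)(?:\s+installer=(\S+))?", line.strip())
        if m:
            packages[m.group(1)] = None if m.group(2) in (None, "null") else m.group(2)
    return packages


def parse_services(setting_value):
    """Split the colon-separated 'package/service' list; empty or 'null' means none."""
    value = setting_value.strip()
    if value in ("", "null"):
        return []
    return [tuple(c.split("/", 1)) for c in value.split(":") if "/" in c]


def flag_accessibility_services(services, installers, system, trusted=TRUSTED_INSTALLERS):
    """Return enabled accessibility services from sideloaded, non-system packages."""
    installer_of = parse_pm_list(installers)
    system_pkgs = set(parse_pm_list(system))
    findings = []
    for pkg, svc in parse_services(services):
        if pkg in system_pkgs or installer_of.get(pkg) in trusted:
            continue  # preinstalled, or installed through a trusted store
        findings.append((pkg, svc, installer_of.get(pkg) or "none recorded"))
    return findings


if __name__ == "__main__":
    for pkg, svc, installer in flag_accessibility_services(
            SAMPLE_SERVICES, SAMPLE_INSTALLERS, SAMPLE_SYSTEM):
        print(f"review: {pkg} ({svc}) installer={installer}")
```

A flagged entry is a prompt for review, not a verdict: legitimate sideloaded tools also appear here, so confirm the package's origin before removing it.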