A new Android malware called ‘BlackRock’ was discovered two weeks back. This malware can steal data from at least 337 Android apps. CERT-In has now issued an alert against the BlackRock malware.
This was first reported by researchers at ThreatFabric who found that the BlackRock malware is capable of stealing sensitive data like passwords and credit card information. BlackRock is actually an updated version of the Xerxes malware strain with more features to steal user information.
It is reported that a new Android malware strain dubbed ‘BlackRock’ equipped with data-stealing capabilities is attacking a wide range of Android applications. The malware is developed using the source code of Xerxes banking malware which itself is a variant of LokiBot Android Trojan,” CERT-In said in an advisory.
BlackRock targets 337 Android apps and most of them are popular ones which are widely used. It also covers most of the app categories like dating, shopping, lifestyle and productivity. Some of these apps that BlackRock can target include Gmail, Uber, Twitter, Snapchat and Instagram.
It’s difficult to identify this malware since it starts by hiding its icon from the phone’s app drawer once it’s launched. It then takes advantage of the phone’s Accessibility Service privileges. It will prompt a Google update with permissions like receiving notifications from the app. Once the user grants permission, the malware will grant itself additional permissions. After this the malware will be able to function without any requirements from the user.
CERT-In has issued some precautionary measures to help avoid this BlackRock malware. This can be applied for any other malware as well. Users need to make sure not to install any apps from untrusted sources and use reputed application markets only. Review the app details, number of downloads, user reviews and additional information before downloading any app.
