This malware emerged in May 2020 and was detected thanks to the work of the mobile security company ThreatFabric. Its researchers discovered that the source code of the BlackRock malware is based on another malware strain known as Xerxes, which its developers improved with additional features. In particular, they focused on stealing the passwords of the apps that victims use and on obtaining those users' credit card information.

BlackRock works like most Android banking Trojans, except that it targets more apps than most of its predecessors. The Trojan steals login credentials (usernames and passwords) when available, and also prompts the victim to enter payment card details if the application supports financial transactions, so don't be fooled.

Keep in mind that once the malware is installed on the device by a malicious application carrying the BlackRock Trojan, it asks the user to grant the phone's Accessibility permission. With that permission granted, the malware can automate tasks and even perform taps on behalf of the user, so you always have to be careful when giving permissions to an unknown application. BlackRock also uses the accessibility feature to grant itself access to other Android permissions. It then uses an Android Device Policy Controller to grant itself administrator access to the device, also known as root. In addition, this threat can:

▸Intercept SMS messages

▸Spam contacts with predefined SMS

▸Launch specific applications

▸Show custom push notifications

▸Sabotage mobile antivirus apps and more
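
Because BlackRock depends on the victim granting the Accessibility permission, a practical check is to list which apps currently hold it and where they were installed from. The Python code below is an added example, not part of the original article or of ThreatFabric's research; it parses output captured from `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`, and the sample data, package names and trusted-installer set are constructed assumptions.

```python
# Constructed sample output of the two adb commands named in the lead-in.
SAMPLE_ACC = ("com.google.android.marvin.talkback/"
              "com.google.android.marvin.talkback.TalkBackService:"
              "com.example.updater/.SvcAccess")
SAMPLE_PKGS = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.notes  installer=com.android.vending
"""
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only


def parse_accessibility(raw):
    """Return package names from a colon-separated list of pkg/class components."""
    raw = raw.strip()
    if not raw or raw == "null":      # setting is unset: nothing is enabled
        return []
    pkgs = []
    for comp in raw.split(":"):
        pkg = comp.split("/", 1)[0].strip()
        if pkg and pkg not in pkgs:
            pkgs.append(pkg)
    return pkgs


def parse_installers(raw):
    """Map package -> installer from 'package:<pkg>  installer=<name>' lines."""
    result = {}
    for line in raw.splitlines():
        fields = line.strip().removeprefix("package:").split()
        if not line.strip().startswith("package:") or not fields:
            continue
        installer = None              # None means sideloaded or preinstalled
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        result[fields[0]] = installer
    return result


def flag_suspicious(acc_raw, pkg_raw, known_good=frozenset()):
    """Apps with an enabled accessibility service and no trusted installer."""
    installers = parse_installers(pkg_raw)
    return [(p, installers.get(p)) for p in parse_accessibility(acc_raw)
            if p not in known_good and installers.get(p) not in TRUSTED_INSTALLERS]


if __name__ == "__main__":
    for pkg, src in flag_suspicious(SAMPLE_ACC, SAMPLE_PKGS):
        print(f"review: {pkg} (installer: {src})")
```

Preinstalled system apps can also report no installer, so pass the packages you have verified as `known_good` to keep them out of the results.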
