Every so often a new and more dangerous piece of malware appears on Android. This time it is the Trojan dubbed BlackRock, which extracts passwords and bank card data. Many people are not aware of how many malicious programs can be created, and how quickly, which is why we are seeing this new Android malware.

This new malware emerged in May of this year and was detected by the mobile security company ThreatFabric. Its researchers discovered that the source code of BlackRock is based on another malware strain known as Xerxes, which the developers improved with additional features. In particular, they focused on stealing the passwords of the apps victims use and on obtaining those users' credit card information.

BlackRock has one important peculiarity that sets it apart from the others: it targets more applications than its predecessors. It tries to steal data from 337 Android apps, which shows its potential and the obvious risk we face if our smartphone becomes infected. BlackRock uses the Accessibility feature to obtain other Android permissions and then uses an Android DPC (device policy controller, also known as a work profile) to grant itself administrator access to the device.

What can BlackRock do?

▸Launch specific applications

▸Perform SMS floods

▸Spam contacts with predefined SMS

▸Sabotage mobile antivirus apps and more

▸Intercept SMS messages

▸Show custom push notifications

▸Log keystrokes (keylogger)

Once the malware is installed on the device by a malicious application carrying the BlackRock Trojan, it asks the user to grant it the phone's Accessibility permission. Once the victim has granted this permission, the malware uses it to automate tasks and even perform taps on behalf of the user. Right now, BlackRock is being distributed under the guise of fake Google update packages offered on third-party sites. Fortunately, this malicious software has not been detected in the Google Play Store.
