CERT-In, India’s cybersecurity organization, has issued an advisory warning users about Android malware that can “steal” banking and other confidential information.
The malware is named “BlackRock”. Its most notable feature is that its target list contains 337 applications, including banking and financial apps as well as non-financial, widely used brand-name Android apps focused on social, communication, networking and dating platforms.
“It can steal credentials and credit card information from over 300 plus apps like email clients, e-commerce apps, virtual currency, messaging or social media apps, entertainment apps, banking, and financial apps, etc.,” the Computer Emergency Response Team of India (CERT-In) said in a warning.
“The attack campaign of this ‘Trojan’ category virus is active globally. It is reported that a new Android malware strain dubbed ‘BlackRock’ equipped with data-stealing capabilities is attacking a wide range of Android applications. The malware is developed using the source code of Xerxes banking malware which itself is a variant of Lockbolt Android Trojan.”
The BlackRock Android malware was first seen in May by an analyst team at the Netherlands-based threat intelligence firm, ThreatFabric.
“When the malware is launched on the victim’s device, it hides its icon from the app drawer and then masquerades itself as a fake Google update to request accessibility service privileges. Once this privilege is granted, it becomes free to grant itself additional permissions allowing it to function further without interacting with the user,” CERT-In added.
Attackers can issue numerous commands to perform tasks such as logging keystrokes, sending spam and stealing SMS messages, setting the malware as the default SMS manager, spamming the victim’s contact list with instant messages, pushing system notifications to the C2 (command and control) server, locking the victim on the device home screen, and stealing and hiding notifications, among others.
The malware is especially dangerous because it can “deflect” many antivirus applications.
CERT-In has recommended countermeasures to protect against this malware. “Do not download and install applications from untrusted sources and use only reputed application markets. Always review the app details, number of downloads, user reviews, and check ‘additional information’ section before downloading an app from play store, use device encryption or encrypt external SD card and avoid using unsecured, unknown Wi-Fi networks,” it said.
The organization also advised users to download only the official, verified versions of banking apps and to use a strong AI-powered mobile antivirus installed on the device to detect and prevent this kind of malware.
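
CERT-In's description of BlackRock taking control through accessibility service privileges, together with its advice to avoid untrusted sources, suggests a simple triage check. The following is an added example, not part of the advisory or of ThreatFabric's analysis: it parses output captured from `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i` and lists third-party packages that hold an enabled accessibility service but were not installed by the Play Store. The sample data and the `com.example.*` package names are constructed.

```python
from __future__ import annotations

PLAY_STORE = "com.android.vending"

def parse_accessibility(setting: str) -> set[str]:
    """Packages named in the colon-separated 'package/ServiceClass' setting."""
    setting = setting.strip()
    if not setting or setting == "null":  # "null" means no service is enabled
        return set()
    return {entry.split("/", 1)[0] for entry in setting.split(":") if entry}

def parse_installers(pm_output: str) -> dict[str, str | None]:
    """Map package -> installer from 'package:<name>  installer=<pkg>' lines."""
    installers: dict[str, str | None] = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field.split("=", 1)[1]
                installer = None if value == "null" else value
        installers[fields[0]] = installer
    return installers

def suspicious_accessibility_apps(setting, pm_output, trusted=frozenset({PLAY_STORE})):
    """Third-party apps with accessibility enabled and no trusted installer."""
    enabled = parse_accessibility(setting)
    installers = parse_installers(pm_output)
    # System apps (e.g. TalkBack) are absent from the -3 listing and are skipped.
    return sorted(p for p in enabled if p in installers and installers[p] not in trusted)

# Constructed sample output, not taken from a real device.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
    ":com.example.fakeupdate/com.example.fakeupdate.Svc"
    ":com.example.passwordmanager/.AutofillA11y\n"
)
SAMPLE_PM = """package:com.example.fakeupdate  installer=null
package:com.example.passwordmanager  installer=com.android.vending
package:com.example.game  installer=com.android.packageinstaller
"""

if __name__ == "__main__":
    for pkg in suspicious_accessibility_apps(SAMPLE_SETTING, SAMPLE_PM):
        print("review:", pkg)
```

An empty result does not clear a device; the check only narrows down which apps to review first.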