CERT-In, India’s cybersecurity agency, has issued an advisory warning people about an Android malware that has the potential to “steal” banking and other confidential data of a user.
Dubbed as “BlackRock”, the most significant feature of this Android malware is that its target list contains 337 applications that include banking and financial applications, as well as non-financial and popularly commonly used brand name apps on an Android device that concentrate on social, communication, networking and dating platforms.
“It can steal credentials and credit card information from over 300 plus apps like email clients, e-commerce apps, virtual currency, messaging or social media apps, entertainment apps, banking, and financial apps, etc,” the Computer Emergency Response Team of India (CERT-In) said in an advisory.
“The attack campaign of this ‘Trojan’ category virus is active globally. It is reported that a new Android malware strain dubbed ‘BlackRock’ equipped with data-stealing capabilities is attacking a wide range of Android applications. The malware is developed using the source code of Xerxes banking malware which itself is a variant of LokiBot Android Trojan.”
The BlackRock Android malware was first spotted in May by an analyst team at the Netherlands-based threat intelligence firm, ThreatFabric.
“When the malware is launched on the victim’s device, it hides its icon from app drawer and then masquerades itself as a fake Google update to request accessibility service privileges. Once this privilege is granted, it becomes free to grant itself additional permissions allowing it to function further without interacting with user,” CERT-In added.
Attackers can perform many commands for various operations such as logging keystrokes, sending spam and steal SMS messages, setting the malware as the default SMS manager, spamming the victims’ contact lists with text messages, pushing system notifications to the C2 (command and control) server, locking the victim in the device home screen and steal and hide notifications, and several such activities.
The virus is fatal as it can “deflect” many of the anti-virus applications.
The CERT-In has suggested countermeasures to protect from this malware. “Do not download and install applications from untrusted sources and use only reputed application markets only. Always review the app details, number of downloads, user reviews, and check ‘additional information section before downloading an app from play store, use device encryption or encrypt external SD card and avoid using unsecured, unknown Wi-Fi networks,” it said.
The agency also recommended users to download only the official and verified version of banking apps, and use a strong AI-powered mobile antivirus installed on to detect and prevent this kind of tricky malware.
