A new Android malware has been identified, and it is quite powerful, as it can steal data from an impressive 337 Android apps. The malware was named BlackRock, and it was identified for the first time in May 2020 by a mobile security company.
According to security analysts, the malware is an enhanced version of a previous malware strain known as Xerxes. One of the biggest changes is the ability to identify and collect user passwords and credit card details.
BlackRock is far from being the first banking trojan, but it can target an impressive number of apps, a trait that makes it far more dangerous. In most cases, the trojan will seek to collect usernames and passwords, but if the app is also used for payments, the credit card details will be recorded.
The trojan uses an overlay method: it displays a fake window on top of the one where payment data is entered. The user has to interact with the fake window to continue, and valuable data is collected before the user can interact with the actual app.
Targeting social media
According to information provided by the security company that identified the malware, most BlackRock overlays are optimized for phishing activities related to social media and banking apps. However, it is also able to gather information from dating, shopping, and lifestyle apps, among others.
Once an infected app is installed on the device, it will ask the user for access to the Accessibility feature. If access is granted, BlackRock can use the Accessibility feature to obtain permissions and install an Android Device Policy Controller to receive full administrator rights on the device.
At this point, the malware spreads via fake Google update packs, but it could find its way to the Play Store in the future.
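A defender-side check for the pattern described above (an app installed from outside the Play Store that holds an enabled Accessibility service), added here as an example and not taken from the article or the security company's report. It assumes the output formats of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`; the package names and sample output are constructed.

```python
# Added example. Sample inputs below are constructed, not from a real device.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Play Store is trusted

def parse_accessibility(setting_value):
    """Packages named in the colon-separated 'pkg/service' component list."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    return {c.split("/", 1)[0].strip() for c in value.split(":") if c.strip()}

def parse_installers(pm_output):
    """Map package -> installer (None when the field is 'null' or missing)."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field[len("installer="):]
                installer = None if value == "null" else value
        installers[fields[0]] = installer
    return installers

def flag_suspects(setting_value, pm_output, device_admins=()):
    """Return (package, installer, is_device_admin) for every enabled
    Accessibility service whose package did not come from a trusted installer."""
    installers = parse_installers(pm_output)
    admins = set(device_admins)
    findings = []
    for pkg in sorted(parse_accessibility(setting_value)):
        installer = installers.get(pkg)
        if installer not in TRUSTED_INSTALLERS:
            findings.append((pkg, installer, pkg in admins))
    return findings

# Constructed sample: one Play Store service, one sideloaded "update" package.
SAMPLE_A11Y = ("com.example.reader/com.example.reader.ReadAloudService:"
               "com.example.googleupdate/com.example.googleupdate.Svc")
SAMPLE_PM = """package:com.example.reader  installer=com.android.vending
package:com.example.googleupdate  installer=null
package:com.example.notes  installer=null"""

if __name__ == "__main__":
    for finding in flag_suspects(SAMPLE_A11Y, SAMPLE_PM, {"com.example.googleupdate"}):
        print("review:", finding)
```

Preinstalled system services can also report no installer, so a real audit needs an allowlist for the device's stock Accessibility services.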