Context

Security firm ThreatFabric has alerted about a new malware, called BlackRock, which can steal information like passwords and credit card information from about 377 smartphone applications, including Amazon, Facebook, Gmail, and Tinder.

About

• BlackRock is not exactly a new malware. It is based on the leaked source code of the Xeres malware, itself derived from a malware called LokiBot.
• The only big difference between BlackRock and other Android banking trojans is that it can target more apps than previous malware.
• According to the ThreatFabric, the malware can be used to send and steal SMS messages, hide notifications, keylogging, AV detection, and much more.
• The new malware is so powerful that it makes antivirus applications useless.
• BlackRock isn’t limited to online banking apps and targets general-purpose apps across various categories of Books & Reference, Business, Communication, Dating, Entertainment, Lifestyle, Music & Audio, News & Magazine, Tools, and Video Players & Editors.

How does it work?

• Once installed on a phone, it monitors the targeted app. When the user enters the login and/or credit card details, the malware sends the information to a server.
• BlackRock uses the phone’s Accessibility feature and then uses an Android DPC (device policy controller) to provide access to other permissions.
• When the malware is first launched on the device, it hides its icon from the app drawer, making it invisible to the end-user. It then asks for accessibility service privileges.
• Once this privilege is granted, BlackRock grants itself additional permissions required to fully function without having to interact any further with the victim. At this point, the bot is ready to receive commands from the command-and-control server and execute overlay attacks.

Protection from BlackRock Android malware

• Download apps only from the Google Play Stores, use strong passwords, beware of spam and phishing emails, use an antivirus app if possible, and check app permissions.