BlackRock trojan on Android: stealing card data

BlackRock is the name of a new threat to Android smartphone users: the malware is capable of stealing passwords and card data through as many as 337 applications.

BlackRock hits 337 apps

Mobile security firm ThreatFabric has found a new Android malware strain called BlackRock. The trojan, which emerged in May of this year and has hit 337 apps, is equipped with a whole series of dangerous features that allow it to steal data and passwords from its victims.

BlackRock works like most Android banking Trojans, except that it targets more applications than most banking malware seen so far.

One of the aspects that differentiates BlackRock from its predecessors is its target list: it contains a significant number of social, networking, communication and dating applications. So far, many of these applications have not been observed in the target lists of other banking Trojans. It seems, therefore, that those behind BlackRock want to take advantage of the growth of online socialization, which has increased rapidly in recent months due to the pandemic.

Unfortunately, BlackRock is capable of stealing login credentials (username and password), and it also asks the victim to enter payment card details if the app supports financial transactions. As you can see in the following screenshot, the most dangerous trojans present themselves as fake Google updates, and so does BlackRock:

Once installed on a device, a malicious app contaminated with the BlackRock trojan asks the user to grant it access to the phone's Accessibility feature, which can be used to automate tasks and even perform touches on behalf of the user.

According to the ThreatFabric report, BlackRock can also perform other intrusive operations, such as:

  • Read SMS messages
  • Run SMS floods
  • Spam with predefined SMS
  • Launch specific apps
  • Log keystrokes (keylogger)
  • Show custom push notifications
  • Sabotage mobile antivirus applications
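
A defender can check a device for the combination described above (an enabled Accessibility service in an app that also requests SMS permissions). The following is an added triage example, not code from ThreatFabric or this article; it assumes the Accessibility setting was read with `adb shell settings get secure enabled_accessibility_services` and that each package's requested permissions were collected separately, and the `com.example.*` package names, sample data and allowlist are constructed.

```python
# Added triage example; sample data below is constructed, not from the report.
SMS_PERMS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
}

def parse_enabled_services(raw):
    """Parse the enabled_accessibility_services setting value.

    The value is a colon-separated list of package/class components;
    an unset value is printed as the literal string "null".
    """
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    services = []
    for entry in raw.split(":"):
        package, sep, cls = entry.partition("/")
        if sep and package:  # skip malformed entries without a class part
            services.append((package, cls))
    return services

def triage(raw_setting, requested_perms, allowlist):
    """Return (package, service_class, risk) per non-allowlisted service.

    risk is "high" when the package also requests an SMS permission,
    otherwise "review".
    """
    findings = []
    for package, cls in parse_enabled_services(raw_setting):
        if package in allowlist:
            continue
        perms = requested_perms.get(package, set())
        risk = "high" if perms & SMS_PERMS else "review"
        findings.append((package, cls, risk))
    return findings

# Constructed sample input: the com.example.* packages are hypothetical.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.fakeupdate/.UpdateService:"
    "com.example.reader/com.example.reader.ScreenReader\n"
)
SAMPLE_PERMS = {
    "com.example.fakeupdate": {"android.permission.READ_SMS"},
    "com.example.reader": {"android.permission.INTERNET"},
}
ALLOWLIST = {"com.google.android.marvin.talkback"}
```

Calling `triage(SAMPLE_SETTING, SAMPLE_PERMS, ALLOWLIST)` returns the two non-allowlisted services, with the one that also requests an SMS permission marked "high".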

At the moment, ThreatFabric analysts are unable to predict how long BlackRock will remain active in the malware landscape so, unfortunately, we must be ready to expect anything and be careful about giving permissions to third-party and suspicious sites.

The second half of 2020 will come with other surprises: after Alien, Eventbot and BlackRock, we must expect criminals, motivated by financial gain, to create new banking Trojans while continuing to perfect the existing ones.

Source: ThreatFabric