A leading source of news has reported that a new Android malware has been discovered that steals credentials from banking apps. The malware, now known as BlackRock, was found by a skilled team of security researchers.
This malware has been found targeting communication, social, and dating applications, and more. It is a banking Trojan that is said to be derived from the code of the Xerxes malware, which is a recognized strain of the LokiBot Android trojan.
The malicious code is a banking Trojan, and yet it has only been targeting non-financial apps. It presents itself on the phone as a Google update; once it acquires the user's permission, it automatically hides its icon from the app drawer without leaving any trace behind. Once it is in place, it allows the hackers to begin their looting.
The malware was first identified on Android in May, says the team of analysts based in the Netherlands. The team comes from a threat intelligence firm called ThreatFabric. They suggested that the malware is capable of stealing users' credentials as well as their credit/debit card details.
BlackRock malware targets a total of three hundred and thirty-seven apps, which is a significant number given that other malicious code of this nature doesn't have the same capabilities as this particular one. Targeted apps include Amazon, Gmail, Google Play Services, Netflix, Microsoft Outlook, and many more.
“In the case of BlackRock, the features are not very innovative, but the target list has an extensive international coverage and it contains quite a lot of new targets which haven’t been seen being targeted before,” the researchers noted in the blog post.
The malware is very similar to average Android banking trojans
“Those ‘new’ targets are mostly not related to financial institutions and are overlayed to steal credit card details,” the team at ThreatFabric said in a blog post.
The team from ThreatFabric also identified the patterns of the malware. It is said to be designed to carry out overlay attacks, steal SMS messages, and send spam. It also seems to lock the user whose phone is hacked in the launcher activity.
The malware may also act as a keylogger, which means that the hackers get easy access to the codes and financial information of the victim. The malware can even reportedly get past the security checks of antivirus software such as Avast, AVG, BitDefender, Eset, Trend Micro, Kaspersky, or McAfee.
How does BlackRock steal user information?
According to the team of analysts from ThreatFabric, this particular malware also overlays the actual screen. In this case, the malware collects information from the user by exploiting the ‘Accessibility Service’ of Android. After that, it overlays a bogus screen as a cover on a legitimate app.
A generic card grabber view, an overlay screen that can be used for malicious activities, may also help hackers obtain details from banking apps, which is extremely dangerous considering the sensitivity of the information.
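A defender-side check for the two behaviours described above, an enabled Accessibility Service combined with a missing app-drawer icon, as an added example that is not from ThreatFabric or the original article. The function names and all sample values are constructed for illustration, and the sets of launcher and system packages are assumed to have been collected separately.

```python
# Added example. All sample values are constructed, not from a real device.

def parse_enabled_services(raw):
    """Parse the secure setting 'enabled_accessibility_services'.

    The value is a colon-separated list of "package/class" component names;
    `settings get` prints "null" when nothing is enabled.
    """
    raw = (raw or "").strip()
    if not raw or raw == "null":
        return []
    services = []
    for entry in raw.split(":"):
        package, sep, cls = entry.strip().partition("/")
        if not (sep and package and cls):
            continue  # skip empty or malformed entries
        if cls.startswith("."):  # expand the short ".Class" form
            cls = package + cls
        services.append((package, cls))
    return services


def hidden_accessibility_services(raw, launcher_packages, system_packages):
    """Return enabled services from non-system apps with no launcher icon.

    Assumption: the two package sets were collected separately on the device.
    """
    return [
        {"package": package, "service": cls}
        for package, cls in parse_enabled_services(raw)
        if package not in system_packages and package not in launcher_packages
    ]


# Constructed inputs: a screen reader, a password manager, a fake "update" app.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.passwords/com.example.passwords.FillService:"
    "com.example.fakeupdate/.UpdateService"
)
SAMPLE_LAUNCHER = {"com.example.passwords"}
SAMPLE_SYSTEM = {"com.google.android.marvin.talkback"}

if __name__ == "__main__":
    for hit in hidden_accessibility_services(
            SAMPLE_SETTING, SAMPLE_LAUNCHER, SAMPLE_SYSTEM):
        print("review:", hit["package"], hit["service"])
```

A hit from this check is a reason to review the app and its permissions, not proof of infection.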
“Although BlackRock poses a new Trojan with an exhaustive target list, looking at previous unsuccessful attempts of actors to revive LokiBot through new variants, we can’t yet predict how long BlackRock will be active on the threat landscape,” the researchers said.
Have you noticed any of the above-mentioned unusual activity on your Android phone? Let us know in the comment section below.
For more news and updates, stay tuned to Brandsynario.