A new strain of malware that recently appeared in the criminal world is currently targeting 337 Android apps; it comes with a wide range of data theft capabilities and is able to remain undetected while stealing personal data.

The new Android malware was discovered by mobile security firm ThreatFabric in May, as reported by ZDNet. Although it has additional, enhanced features, especially those that allow the hackers to steal credit card information and user passwords, the security researchers confirmed that it is based on the leaked source code of another malware strain.

Compared with its predecessors, it focuses mainly on targeting apps, but BlackRock still works like most Android banking Trojans. The malware waits for the victim to enter his/her payment card details if the app in use supports financial transactions. It can also steal login credentials, such as usernames and passwords.

ThreatFabric explained that the new malware uses a technique called "overlays" to detect when a user tries to interact with a legitimate app. The victim's login credentials and card data are collected by a fake window that appears on top before the user accesses the legitimate app.

Most of the BlackRock overlays are used for phishing financial and social media/communications apps; only a small portion of the overlays is used for phishing data from news, shopping, productivity, lifestyle, and dating apps. The new Android malware creates serious privacy risks, but it isn't unique: BlackRock uses old, tried, and tested techniques, just like most Android malware.

Why is BlackRock undetected?

ThreatFabric provided the following sets of features embedded by BlackRock to remain undetected while stealing personal information from its victims.

  • Keylogging
  • SMS harvesting: SMS forwarding
  • SMS harvesting: SMS listing
  • SMS: Sending
  • Overlaying: Dynamic (Local injects obtained from C2)
  • Device info collection
  • Self-protection: Hiding the App icon
  • Self-protection: Preventing removal
  • Remote actions: Screen-locking
  • Grant permissions
  • AV detection
  • Notifications collection

Once the Android malware is installed, users are asked to grant BlackRock access to the device's Accessibility feature, which can perform taps on the user's behalf and automate tasks, making it one of the most powerful features of the Android operating system. The Accessibility feature allows the malware to access the device's admin system using an Android DPC (device policy controller, or "work profile"). ThreatFabric added that BlackRock can also perform other intrusive operations:

  • Sabotage mobile antivirus apps, and more
  • Intercept SMS messages
  • Perform SMS floods
  • Log key taps (keylogger functionality)
  • Show custom push notifications
  • Spam contacts with predefined SMS
  • Start specific apps
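
A defender-side triage for the capability mix listed above (Accessibility access combined with SMS permissions, notification access, a hidden icon and admin rights), as an added example that is not ThreatFabric's or the article's code. The package names, the inventory dictionary and the `triage` function are constructed for illustration; the two `settings` keys are where Android records enabled accessibility services and notification listeners.

```python
# Added example; all package names and inventory data are constructed.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
             "android.permission.SEND_SMS"}

def parse_components(setting_value):
    """Split a colon-separated 'package/class' list into a set of package names."""
    pkgs = set()
    for entry in (setting_value or "").split(":"):
        entry = entry.strip()
        if entry and entry != "null":      # `settings get` prints "null" when unset
            pkgs.add(entry.split("/", 1)[0])
    return pkgs

def triage(a11y_setting, listener_setting, inventory, allowlist=()):
    """Return {package: [reasons]} for non-allowlisted apps with Accessibility enabled."""
    listeners = parse_components(listener_setting)
    findings = {}
    for pkg in sorted(parse_components(a11y_setting) - set(allowlist)):
        info = inventory.get(pkg, {})
        reasons = ["accessibility service enabled"]
        sms = SMS_PERMS & set(info.get("permissions", ()))
        if sms:
            reasons.append("SMS access: " + ", ".join(sorted(p.rsplit(".", 1)[1] for p in sms)))
        if pkg in listeners:
            reasons.append("notification listener enabled")
        if not info.get("has_launcher_icon", True):
            reasons.append("no launcher icon")
        if info.get("device_admin", False):
            reasons.append("device admin active")
        findings[pkg] = reasons
    return findings

# Constructed sample values, shaped like the output of
#   adb shell settings get secure enabled_accessibility_services
#   adb shell settings get secure enabled_notification_listeners
SAMPLE_A11Y = ("com.example.screenreader/.ReaderService:"
               "com.example.updater/com.example.updater.Svc")
SAMPLE_LISTENERS = "com.example.updater/com.example.updater.Notif"
SAMPLE_INVENTORY = {   # hypothetical per-package facts collected separately
    "com.example.screenreader": {"permissions": [], "has_launcher_icon": True},
    "com.example.updater": {
        "permissions": ["android.permission.READ_SMS", "android.permission.SEND_SMS"],
        "has_launcher_icon": False, "device_admin": True},
}

if __name__ == "__main__":
    for pkg, why in triage(SAMPLE_A11Y, SAMPLE_LISTENERS, SAMPLE_INVENTORY,
                           allowlist={"com.example.screenreader"}).items():
        print(pkg, "->", "; ".join(why))
```

An app that appears here with several reasons at once is a candidate for manual review; a single reason on its own is common among legitimate assistive and automation apps.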

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.