
BlackRock malware deployed to hijack banking apps


Security researchers have found new Android malware, called “BlackRock,” that mostly affects banking apps.

According to ThreatFabric, BlackRock always hides its icon when it is launched on a mobile device. After that, it poses as a Google update to gain access to the user's Accessibility Service.

As soon as it has those privileges, it grants itself more permissions. This allows it to communicate with its C&C (command-and-control) server and carry out overlay attacks.

At this stage, the malware checks which application is running in the foreground on the target's device. BlackRock can then deploy one of its two overlays.

The overlays are either one that mimics a specific application on its target list or a generic credit card snatcher.

The Modus Operandi Of BlackRock Malware


Apps related to banking operations in the United States, Europe, Canada, and Australia are BlackRock's main targets. Beyond this primary target, the malware also goes after lifestyle, communication, dating, and social applications.

According to ThreatFabric's research, almost all trending dating and social applications are on the malware's target list. The actors' choice is likely due to the pandemic, which made people socialize more online. The actors have also likely tried to include dating applications, although they were rarely seen on the list.

ThreatFabric's analysis revealed that the arrival of BlackRock is a revival of LokiBot. That threat first appeared on the threat landscape between 2016 and 2017, with several attack campaigns.

These included one that deployed ransomware whenever a user tried to remove it. LokiBot died down the moment its source code was revealed online. Even so, it was still used in several attack operations as recently as May 2019.

How To Avoid BlackRock Malware

The emergence of this malware should give users more reason to download applications only from official marketplaces and trusted developers.

Smartphone users should be cautious of applications that request excessive permissions. You should also protect your bank accounts with some form of two-factor authentication or something stronger.
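
The traits described in this article (a hidden icon, a fake Google update identity, Accessibility Service access, and installation from outside the official marketplace) can be combined into a triage check over a device's app inventory. The Python below is an added example, not code from ThreatFabric or this site; the inventory records, package names, lure labels and threshold are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

OFFICIAL_INSTALLERS = {"com.android.vending"}      # Google Play Store
UPDATE_LURES = ("google update", "system update")  # assumed lure labels


@dataclass
class App:
    package: str
    label: str
    installer: Optional[str]      # None means sideloaded
    has_launcher_icon: bool
    accessibility_enabled: bool   # user switched its accessibility service on


def indicators(app: App) -> list:
    """Return the BlackRock-style traits this app shows."""
    found = []
    if app.accessibility_enabled:
        found.append("accessibility service enabled")
    if not app.has_launcher_icon:
        found.append("no launcher icon")
    if app.installer not in OFFICIAL_INSTALLERS:
        found.append("installed outside the official store")
    if any(lure in app.label.lower() for lure in UPDATE_LURES):
        found.append("label imitates an update")
    return found


def triage(apps, threshold: int = 3) -> dict:
    """Flag apps holding accessibility access plus enough other traits."""
    flagged = {}
    for app in apps:
        found = indicators(app)
        if app.accessibility_enabled and len(found) >= threshold:
            flagged[app.package] = found
    return flagged


# Constructed inventory; every package name here is hypothetical.
SAMPLE = [
    App("com.example.bank", "Example Bank", "com.android.vending", True, False),
    App("com.example.reader", "Screen Reader", "com.android.vending", True, True),
    App("com.example.game", "Puzzle Game", None, False, False),
    App("com.example.fakeupdate", "Google Update", None, False, True),
]

if __name__ == "__main__":
    for package, reasons in triage(SAMPLE).items():
        print(package, "->", "; ".join(reasons))
```

A legitimate accessibility tool installed from the official store shows only one trait and is not flagged; lowering the threshold trades fewer misses for more manual review.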


Frequently Asked Questions

What is BlackRock malware?

BlackRock is a type of malware specifically designed to target Android smartphones. It falls under banking malware, which aims to steal your banking apps' financial information and login credentials.


What is Android banking malware?

Android banking malware is malicious software created to target Android operating system users. These programs often disguise themselves as legitimate apps and lurk in the background, waiting to steal your banking login details and credit card information or even intercept SMS messages containing two-factor authentication codes.

How do I remove hidden malware from my phone?

If you suspect your phone is infected with BlackRock malware or any other type of malware, here are some steps you can take:

  • Run a security scan: Most antivirus apps offer scans to detect and remove malware. Run a full scan on your device and follow the app's instructions to quarantine or remove any threats found.
  • Boot into Safe Mode: Booting into Safe Mode prevents third-party apps from running. This can help you identify if a downloaded app is the culprit. In Safe Mode, you can then uninstall any suspicious applications.
  • Factory Reset: A factory reset might be necessary if other methods fail. This will erase all your data and settings, so back up your phone beforehand. After the reset, only install apps from trusted sources like the Google Play Store.

Has BlackRock been hacked?

No, BlackRock is not a program that has been hacked. It is the malware that hackers use to try to steal information from your phone.

Is BlackRock a computer virus?

While the terms are sometimes interchangeable, BlackRock is more accurately classified as malware. A computer virus can replicate itself and spread from device to device, whereas BlackRock requires user interaction (downloading an infected app) to spread.

What is malware in banking?

Banking malware is a specific type of malware designed to target your financial information. These programs can steal login credentials for online banking apps, capture credit card details you enter while shopping online, or intercept SMS messages containing two-factor authentication codes for secure logins.

Hackers can steal your money or make unauthorized transactions by compromising your banking security.

Note: This was initially published in July 2020, but has been updated for freshness and accuracy.


About the Author:

Cybersecurity Expert at SecureBlitz

Fiorella Salazar is a cybersecurity expert, digital privacy advocate, and VPN evangelist based in Canada. She holds an M.Sc. in Cybersecurity from a Canadian university. She is an avid researcher and frequent contributor to several cybersecurity journals and magazines. Her mission is to raise awareness about the importance of digital privacy and the benefits of using a VPN. She is the go-to source for reliable, up-to-date information on VPNs and digital privacy.

Managing Editor at SecureBlitz

Meet Angela Daniel, an esteemed cybersecurity expert and the Associate Editor at SecureBlitz. With a profound understanding of the digital security landscape, Angela is dedicated to sharing her wealth of knowledge with readers. Her insightful articles delve into the intricacies of cybersecurity, offering a beacon of understanding in the ever-evolving realm of online safety.

Angela's expertise is grounded in a passion for staying at the forefront of emerging threats and protective measures. Her commitment to empowering individuals and organizations with the tools and insights to safeguard their digital presence is unwavering.

