Security researchers have found new Android malware, called "BlackRock," that mostly targets banking apps.
According to ThreatFabric, BlackRock always hides its icon when it is launched on a mobile device. It then poses as a Google update to request access to the user's Accessibility Service. As soon as it gains that privilege, it grants itself more permissions. This allows it to communicate with its C&C (command-and-control) server so it can carry out overlay attacks.
At this stage, the malware checks which application is running in the foreground on the target's device. BlackRock can then deploy one of its two overlays: one that specifically mimics the targeted application, or a generic credit card snatcher.
The Modus Operandi Of BlackRock Malware
Interestingly, BlackRock's main targets are apps related to banking operations in the United States, Europe, Canada, and Australia. Even with those as its primary target, the malware also goes after lifestyle, communication, dating, and even social applications.
According to ThreatFabric's research, almost all trending dating and social applications are on the malware's target list. The actors' choice is likely due to the pandemic, which has made people socialize more online. The actors have also likely made an effort to include dating applications, although they were rarely seen on the list.
ThreatFabric's analysis revealed that the arrival of BlackRock is a revival of LokiBot. That threat first appeared on the threat landscape between 2016 and 2017 with several attack campaigns, including one that deployed ransomware any time a user tried to remove it. Once LokiBot's source code was revealed online, it died down. Even so, it was still used in a number of attack operations, some as recently as May 2019.
How To Avoid BlackRock Malware
The emergence of this malware should give users more reason to download applications only from official marketplaces and trusted developers. Smartphone users should be cautious of applications that request "excessive" permissions. You should also protect your bank accounts with some form of two-factor authentication or something stronger.
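For teams that vet apps before allowing them on managed phones, the traits described above (an app presenting itself as a Google update, an Accessibility Service request, a long permission list) can be checked in a decoded AndroidManifest.xml. The following is an added example, not code from ThreatFabric or from the malware; the sample manifest, the package name `com.example.updater` and the permission threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
MAX_PERMISSIONS = 10  # assumed review threshold, tune for your own app fleet

# Constructed sample: decoded manifest of a hypothetical app, not BlackRock's.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.updater">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Google Update">
    <service android:name=".UpdateService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

def triage_manifest(xml_text, max_permissions=MAX_PERMISSIONS):
    """Return a list of review findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    app = root.find("application")
    # Assumes the label is a literal string; a "@string/..." reference needs resolving first.
    label = app.get(ANDROID + "label", "") if app is not None else ""
    perms = [p.get(ANDROID + "name") for p in root.iter("uses-permission")]
    findings = []
    # An Accessibility Service is declared as a service guarded by this permission.
    a11y = [s.get(ANDROID + "name") for s in root.iter("service")
            if s.get(ANDROID + "permission") == BIND_A11Y]
    if a11y:
        findings.append("declares accessibility service: " + ", ".join(a11y))
    # The label claims to be Google while the package is outside com.google.*
    if "google" in label.lower() and not package.startswith("com.google."):
        findings.append(f"label '{label}' does not match package '{package}'")
    if len(perms) > max_permissions:
        findings.append(f"requests {len(perms)} permissions")
    return findings

if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE_MANIFEST):
        print(finding)
```

A finding here is a reason for manual review, not proof of malice: legitimate assistive apps also declare an Accessibility Service.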