India’s top cyber-security agency, CERT-In, has issued an advisory about the ‘BlackRock’ Android malware. According to researchers, the Trojan can expose banking credentials and other critical data to cyber-criminals. It can extract login credentials and credit card information from a wide range of banking apps. The malware can also steal private data from email apps, e-commerce apps and social media apps, CERT-In warned.
“It is reported that a new Android malware strain dubbed ‘BlackRock’ equipped with data-stealing capabilities, is attacking a wide range of Android application. (sic) It can steal credentials and credit card information from over 300 plus apps like email clients, e-commerce apps, virtual currency, messaging or social media apps, entertainment apps, banking and financial apps etc”, the agency said. To mitigate the threat, CERT-In is advising not to install apps from unknown sources.
BlackRock was originally discovered in May and detailed earlier this month by Netherlands-based cyber-security firm ThreatFabric. According to ThreatFabric researchers, BlackRock is “derived from the code of the Xerxes banking malware, which itself is a strain of the LokiBot Android banking Trojan”. The Xerxes source code was publicly released by its author around May 2019, making it accessible to any threat actor.
Meanwhile, BlackRock targets 337 Android apps, significantly more than any previously known strain. According to the researchers, when the malware is launched on the victim’s device, it hides its icon from the app drawer. It then disguises itself as a Google update to request the accessibility service privilege. Once this privilege is granted, it grants itself additional permissions. Those additional permissions allow it to steal data without any further interaction with the user.
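As an added defender-side example (not from the CERT-In advisory or ThreatFabric's report), the triage heuristic below flags installed apps that match the behaviour just described: an enabled accessibility service on a package outside the vendor namespaces, no launcher icon, and a label claiming to be a Google component. The device state is a constructed sample; the two real-device sources named in the comments are assumptions.

```python
"""Triage heuristic for the BlackRock pattern described above: an app that
poses as a Google update, hides its launcher icon and holds the accessibility
service. Input is constructed sample state; on a real device it would come
from `adb shell settings get secure enabled_accessibility_services` and the
launcher activity list (assumption: those two sources)."""
from dataclasses import dataclass

# Constructed sample: colon-separated value in the format Android stores it.
ENABLED_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
                "com.example.upd8r/.AccService")

# Constructed sample inventory: (package name, app label, has launcher icon)
INSTALLED = [
    ("com.google.android.marvin.talkback", "TalkBack", True),
    ("com.example.upd8r", "Google Update", False),   # constructed suspect
    ("com.example.notes", "Notes", True),
]

TRUSTED_PREFIXES = ("com.google.", "com.android.")  # vendor namespaces


def parse_enabled_services(value: str) -> set[str]:
    """Return the package names that have an enabled accessibility service."""
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}


@dataclass
class Finding:
    package: str
    reasons: tuple[str, ...]


def triage(enabled_value: str, installed) -> list[Finding]:
    """Score each installed package against the three indicators."""
    a11y = parse_enabled_services(enabled_value)
    findings = []
    for pkg, label, has_icon in installed:
        reasons = []
        if pkg in a11y and not pkg.startswith(TRUSTED_PREFIXES):
            reasons.append("non-vendor app with accessibility service enabled")
        if pkg in a11y and not has_icon:
            reasons.append("accessibility app with no launcher icon")
        if "google" in label.lower() and not pkg.startswith(TRUSTED_PREFIXES):
            reasons.append("label claims Google but package is outside vendor namespace")
        if reasons:
            findings.append(Finding(pkg, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(ENABLED_A11Y, INSTALLED):
        print(f.package, "->", "; ".join(f.reasons))
```

Any single indicator is weak on its own (legitimate accessibility tools exist), so review hits that stack two or more reasons first.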