'BlackRock' Android Trojan Malware Can Steal Banking Credentials, Says CERT-In

CERT-In says the malware is deadly as it has the capability to "deflect" majority of antivirus applications.

By Press Trust of India | Updated: 30 July 2020 15:59 IST

'BlackRock' Android Trojan Malware Can Steal Banking Credentials, Says CERT-In

The "BlackRock" Android malware is capable of stealing user credentials from apps

Highlights

CERT-In has issued an advisory with respect to "BlackRock" malware
The Android malware was first spotted in May
CERT-In suggests counter-measures to Android users

The country's cyber security agency has issued an alert against an Android malware, dubbed "BlackRock", that has the potential to "steal" banking and other confidential data of a user. It can extract credentials and credit card information from over 300 apps such as email, e-commerce apps, social media apps, besides banking and financial apps, the CERT-In said in an advisory.

The "attack campaign" of this 'Trojan' category malware is active globally, said the Computer Emergency Response Team of India (CERT-In), the national technology arm to combat cyber-attacks and guard Indian cyberspace. The BlackRock Android malware was initially reported by ThreatFabric earlier this month, and first spotted in May.

"It is reported that a new Android malware strain dubbed 'BlackRock' equipped with data-stealing capabilities is attacking a wide range of Android applications.

New Android Malware Discovered That Can Steal Your Credit Card Details

"The malware is developed using the source code of Xerxes banking malware which itself is a variant of LokiBot Android Trojan," the advisory said.

The "noteworthy feature" of this malware is that its target list contains 337 applications including banking and financial applications, and also non-financial and well-known commonly used brand name apps on an Android device that focus on social, communication, networking and dating platforms, it said.

"It can steal credentials and credit card information from over 300 plus apps like email clients, e-commerce apps, virtual currency, messaging or social media apps, entertainment apps, banking and financial apps etc," the advisory said.

Google Removes 25 Android Apps Caught Stealing Facebook Credentials: Evina

The advisory described the infection activity of the malware.

"When the malware is launched on the victim's device, it hides its icon from app drawer and then masquerades itself as a fake Google update to request accessibility service privileges."

"Once this privilege is granted, it becomes free to grant itself additional permissions allowing it to function further without interacting with user," it said.

WhatsApp Users Targeted by WolfRAT Android Malware: Cisco Researchers

Threat operators can issue a number of commands for various operations such as logging keystrokes, spamming the victims'' contact lists with text messages, setting the malware as the default SMS manager, pushing system notifications to the C2 (command and control) server, locking the victim in the device home screen and steal and hide notifications, send spam and steal SMS messages and many more such activities, the advisory said.

The malware is deadly as it has the capability to "deflect" majority of antivirus applications.

"Another feature of this Android Trojan is making use of 'Android work profiles' to control the compromised device without requiring complete admin rights and instead creating and attributing its own managed profile to gain admin privileges," it said.

Mobile Banking Android Malware Horsing Around in Cyberspace: CERT-In

The federal cyber security agency suggested some counter-measures: do not download and install applications from untrusted sources and use reputed application market only; always review the app details, number of downloads, user reviews and check "additional information" section before downloading an app from play store, use device encryption or encrypt external SD card; avoid using unsecured, unknown Wi-Fi networks among others.

Also, when it comes to downloading banking apps one should use the official and verified version and users should make sure they have a strong AI-powered mobile anti-virus installed to detect and block this kind of tricky malware, the advisory said.

Is Redmi Note 9 the perfect successor to Redmi Note 8? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.