New Android Malware Now Steals Passwords For Non-Banking Apps Too
New Android malware that is capable of stealing not only online banking details, but also sensitive data from other, non-banking apps has recently been discovered and dubbed BlackRock. The Trojan is capable of recording data from 337 different apps, including social networking, cryptocurrency, dating, and other applications. BlackRock was discovered and named by ThreatFabric researchers. Its source code comes from the Xerxes banking malware, which is a strain of the LokiBot Android banking Trojan that first appeared back in 2016. The changes that were made to BlackRock include an increased app target list. This means that the parasite can not only record keystrokes, but also hijack users’ notifications, intercept SMS messages, and steal user credentials from a larger number of targeted applications.
In order to steal personal data, BlackRock exploits Android’s Accessibility Service privileges by using fake Google updates to gain user permissions. It then grants itself additional permissions to set up a connection with a remote server, which can be used to inject overlays on the login and payment screens of the targeted app. The bogus overlays trick users into thinking that they are entering their data into the legitimate applications. This type of overlay has been used all over the world, including Europe, USA, Canada, Australia, and more. The list of targeted shopping, business, communication, and other apps includes popular services like Facebook, Instagram, TikTok, Skype, Twitter, Netflix, eBay, Amazon, PlayStation, Reddit, Tumblr, and many more.
This, of course, is not the first time that malware has exploited Android’s Accessibility feature, which was originally developed to assist users with disabilities. Any application can ask for permission to implement features like screen reading, changing sizes and colors, enhancing sound, and so on. Cyber criminals, however, have found a way to use this feature to their advantage. The TrickBot campaign, also known as TrickMo, which was released earlier this year, targeted only German users. It abused the Accessibility feature by injecting one-time passwords, mobile TAN, and pushTAN codes. Another banking malware called EventBot stole private data from financial apps, hijacked SMS-based two-factor authentication codes, read user SMS messages, and more.
BlackRock differs from the previous infections because of the number of apps it can target. It does not limit itself to banking or any other type of app, which makes it that much more dangerous. In addition to that, the parasite is very good at staying hidden on the device, as it does not get detected by all antivirus tools.
Cyber security threats use different methods to infiltrate smartphones. They often gain access to the system through malicious apps that look like legitimate programs or updates. Often these imitate well-known apps like Microsoft Word or Adobe Flash. Applications downloaded from the official app store are safe (in most cases); however, apps acquired from third-party sources can easily be malicious. Unfortunately, sometimes fake apps can make their way to the Play Store as well, but they are quickly detected and removed. Another way your device may get infected is through app developers who use illegal development tools that contain malicious code capable of stealing private data or damaging the device itself. In addition to that, there is still the threat of malware travelling in spam email attachments, text messaging phishing techniques, and unsafe public Wi-Fi networks.
As there are a number of ways your smartphone can be infected, it is important to stay careful on the Internet, visiting and downloading software only from reliable domains. It is also a good idea to have reputable anti-malware installed on the device, so that you can browse the Web in a more secure way.
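As a defensive check tied to the Accessibility Service abuse and the sideloaded fake updates described above, here is an added example (not from ThreatFabric or the original article). It cross-references the output of `adb shell settings get secure enabled_accessibility_services` with `adb shell pm list packages -i` and flags enabled accessibility services whose package was not installed from Google Play. The sample data and the `com.example.*` package names are constructed for illustration.

```python
import re

PLAY_STORE = "com.android.vending"  # Google Play's installer package name

def parse_enabled_services(setting_value):
    """Parse `settings get secure enabled_accessibility_services` output:
    colon-separated 'package/ServiceClass' entries, or 'null' when unset."""
    value = setting_value.strip()
    if not value or value == "null":
        return []
    services = []
    for entry in value.split(":"):
        pkg, _, cls = entry.partition("/")
        if pkg:
            services.append((pkg, cls))
    return services

def parse_installers(pm_output):
    """Parse `pm list packages -i` lines: 'package:<name>  installer=<source>'."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def flag_sideloaded_services(setting_value, pm_output, trusted=(PLAY_STORE,)):
    """Return enabled accessibility services whose package did not come
    from a trusted installer (sideloaded, or missing from the package list)."""
    installers = parse_installers(pm_output)
    flagged = []
    for pkg, cls in parse_enabled_services(setting_value):
        source = installers.get(pkg, "unknown")
        if source not in trusted:
            flagged.append((pkg, cls, source))
    return flagged

# Constructed sample data (not from a real device or a BlackRock sample).
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.updater/.UpdateService")
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.notes  installer=null"""

if __name__ == "__main__":
    for pkg, cls, source in flag_sideloaded_services(SAMPLE_SETTING, SAMPLE_PM):
        print(f"review: {pkg}/{cls} (installer={source})")
```

Preinstalled system apps can also report no installer, so a flagged entry is a prompt for manual review rather than proof of infection.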