Friday, January 15, 10:05
Home security BlackRock malware: It can steal passwords from 337 applications

BlackRock malware: It can steal passwords from 337 applications

A new strain of Android malware called BlackRock has appeared in the criminal underworld and comes equipped with a wide range of data theft capabilities that allow it to target 337 Android applications.

This new threat appeared in May this year and was discovered by the mobile security company ThreatFabric.

LimeRAT Trojan-excel

Researchers say the malware was based on leaking the source code of another malware (Xerxes, based on other malware) but was enhanced with additional features, especially in terms of stealing user passwords and credit card information.

BlackRock still works like most trojan Android banking, in addition to targeting more applications than most of its predecessors.

BlackRock Android malware
photo source: ThreatFabric

The trojan will also steal the login credentials (username and password), where available, but will also ask the victim to enter the payment card details if the applications support financial transactions.

For ThreatFabric, data collection is done through a technique called "overlays", which is applied when the user tries to interact with a legitimate application and displays a fake window at the top that collects the login details and data of the victim card before allowing the user to enter them into the intended legal application.

In a report released this week, ThreatFabric researchers report that the vast majority of BlackRock overlays focus on financial and phishing applications. social media. However, overlays are also included for data phishing from dating, news, shopping, lifestyle and productivity applications.

Apart from the overlays, BlackRock is not as unique as it works like most Android malware these days and uses old and tried and tested techniques.

Once installed on a device, a malicious application infected with the BlackRock trojan asks the user to grant access to the feature accessibility of the phone.

The Android Accessibility feature is one of the most powerful features of the operating system, as it can be used to automate tasks and even perform "clicks" on behalf of the user.

BlackRock uses Android Accessibility to access others royalties Android and then uses an Android DPC (device policy controller, also known as a job profile) to give itself administrator access to the device.

It then uses this access to display malicious overlays, but ThreatFabric says that the trojan can also perform other annoying functions, such as:

  • Monitoring of SMS messages
  • Spam with predefined SMS
  • Launch specific applications
  • Keylogger function
  • Display custom push notifications
  • To sabotage antivirus apps

At the moment, BlackRock is being disguised as a fake Google update package offered on third-party sites and has not yet been spotted on the official Play Store.

However, Android malware gangs have found ways to bypass Google's control of the app, and at some point we will probably see BlackRock released on Play Store.


Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehc
Be the limited edition.


Britain: Loss of 150.000 police records from a database

Some 150.000 police records have been deleted from its database as a result of a technical problem, according to the British government.

Hy-Vee: Data breach settlement proposed

The Iowa-based Hy-Vee grocery chain appears to be in the process of settling a data breach.

Why do scientists say AI hyperintelligence cannot be controlled?

AI artificial intelligence, which has come to overturn the data of humanity, has been the subject of debate for many decades. Now,...

iPhone vs Android: Which is best for you?

The battle between iPhone and Android will last forever. IOS (iPhone OS) and Android are the two ...

Owner of bitcoin exchange service arrested for money laundering

The owner of a Bulgarian bitcoin exchange service was sentenced to prison in the United States, for his involvement in fraud and providing ...

How to boot shortcuts from an Apple Watch Face

IPhone shortcuts help you automate tasks, no matter how simple or complex. But did you know that you can ...

The "New Pokémon Snap" is coming to the Nintendo Switch on April 30

Pokémon photographers better prepare, as "New Pokémon Snap" comes to the Nintendo Switch on April 30th. The release date ...

In 2020 the average price of a new car reached 33.000 euros

Among all that happened in 2020, car buyers and the car industry set another new record which we would not say ...

Qualcomm acquires NUVIA, faster processors are coming!

Qualcomm announced the acquisition of startup NUVIA. The deal is valued at $ 1,4 billion, Qualcomm said. The acquisition could ...