A new Android malware has surfaced which is extremely powerful and can steal your data from more than 300 apps, as a disastrous Android malware, BlackRock has targeted 337 Android applications. This devastating malware firstly discovered by security research firm Threat Fabric.
According to Threat Fabric researchers, this calamitous malware BlackRock is developed from the leaked source code of another harmful Android malware Xerxes, which is based on another malware called Strains. But this BlackRock malware is extensively powerful than its predecessors and has additional data-stealing capabilities. The most dangerous feature of this newly raised malware is it can take user passwords and credit card details too.
BlackRock is based on Xerxes and its working procedure is somehow similar to most of the banking trojans. But it can attack more than 300 apps or around 337 apps which is more than its predecessors.
This malware was found in May 2020 by an analyst at Threat Fabric, according to ThreatFabric, “Technical aspects aside, one of the interesting differentiators of BlackRock is its target list; it contains an important number of social, networking, communication and dating applications. So far, many of those applications haven’t been observed in target lists for other existing banking Trojans. It, therefore, seems that the actors behind BlackRock are trying to abuse the growth in online socializing that increased rapidly in the last months due to the pandemic situation.“
Features of BlackRock
BlackRock comes up with many additional and harmful features as compared to its predecessors, some of the features of this disastrous Android malware ‘BlackRock’ are listed following:
- Overlaying: Dynamic (Local injects obtained from C2)
- SMS harvesting: SMS listing
- SMS harvesting: SMS forwarding
- Device info collection
- SMS: Sending
- Remote actions: Screen-locking
- Self-protection: Hiding the App icon
- Self-protection: Preventing removal
- Notifications collection
- Grant permissions
- AV detection
How Blackrock works?
- As explained by Threat Fabric, when the malware BlackRock firstly launched in your device, it will start hiding its app icon (from those targeted 337 apps) from the app drawer, those apps will be invisible to the end-user.
- In its second step, it will start asking for the Accessibility Service privileges from the victim.
- Once the permissions are granted, then BlackRock starts by granting itself additional permissions.
- Those additional permissions are fully bot-based and don’t require the victim’s permission anymore.
- Once completed, then the bot will start receiving commands from the C2 server.
- Some of the commands include:
- Send_SMS- It sends an SMS.
- Flood_SMS- It will send an SMS to a specific number in every 5 seconds.
- Run_App- It will start a specific app on the bot.
- Unlock_Hide_Screen- It will unlock the device from the HOME screen.
- And so many similar commands through which this malware can access your data and use it the way he (BlackRock) wants.
This malware is currently being scattering as fake Google update packages offered by the third-party sites pretty similar to Trojan, however, Trojan hasn’t yet spotted on Google Play Store. However, BlackRock with its extremely powerful commands can easily expand over Google Play Store.