Highlights:
- A new Android malware can evade the majority of antivirus apps
- The Android Trojan malware is called “BlackRock”
- CERT-In has issued an advisory concerning the “BlackRock” malware
India’s cyber-security agency has issued an alert about an Android malware called “BlackRock” that can steal banking and other confidential data from a user’s device. According to the CERT-In advisory, the malware can steal credentials and credit card information from over 300 apps, including email, e-commerce and social media apps as well as banking and financial apps.
According to the Computer Emergency Response Team of India (CERT-In), the national agency responsible for responding to cyber-attacks and protecting Indian cyberspace, the attack campaign of this Trojan-category malware is active worldwide.
BlackRock was first publicly documented by ThreatFabric this month; the firm first observed the Trojan in May.
The advisory said, “It is reported that a new Android malware strain dubbed ‘BlackRock’ equipped with data-stealing capabilities is attacking a wide range of Android applications.”
It added, “The malware is developed using the source code of the Xerxes banking malware, which itself is a variant of the LokiBot Android Trojan.”
The “noteworthy feature” of BlackRock, the advisory said, is its target list of 337 applications. Besides banking and financial applications, it includes well-known non-financial apps used by people all around the globe on Android devices, focused on communication, social, dating and networking platforms.
The advisory also says the malware is capable of stealing “credentials and credit card information from over 300 plus apps like email clients, e-commerce apps, virtual currency, messaging or social media apps, entertainment apps, banking and financial apps etc.”
It added: “When the malware is launched on the victim’s device, it hides its icon from the app drawer and then masquerades as a fake Google update to request accessibility service privileges.
“Once this privilege is granted, it becomes free to grant itself additional permissions, allowing it to function further without interacting with the user,” it said.
Once installed, the threat operators can issue commands for a range of operations, the advisory said, including, among other activities:
- logging keystrokes
- spamming the victim’s contact list with text messages
- setting the malware as the default SMS manager
- pushing system notifications to the C2 (command and control) server
- locking the victim on the device home screen
- stealing and hiding notifications
- sending spam and stealing SMS messages
The malware is considered particularly dangerous because it can “deflect” (evade) the majority of antivirus applications currently on the market.
The advisory said, “Another feature of this Android Trojan is making use of ‘Android work profiles’ to control the compromised device without requiring complete admin rights and instead creating and attributing its own managed profile to gain admin privileges.”
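The footholds described above (an accessibility service granted to a fake “update”, the malware made default SMS manager, a self-created managed profile, and a hidden launcher icon) are all visible in device state that an administrator can capture over `adb shell`. The following triage script is an added, hypothetical example, not code from CERT-In, ThreatFabric or the malware: it parses such captured output and flags every package holding one of those privileges that a fleet baseline does not expect. The baseline sets, the package names in the constructed sample captures and the assumed `dpm list-owners` line format are assumptions; on a real device, run the commands named in the docstrings and pass their output to `triage()`.

```python
"""Offline triage of BlackRock-style indicators in captured Android device state.

Added example, not CERT-In's or ThreatFabric's code. It parses text captured from
a handful of `adb shell` commands and flags any package that (a) holds an
accessibility service, (b) is the default SMS app, (c) is a device or profile
owner, or (d) is a third-party app with no launcher activity, none of which the
fleet baseline expects. Output formats and the baseline sets are assumptions.
"""
import re
from typing import Dict, List, Set, Tuple

# Baseline of packages expected to hold each privilege (assumed fleet policy).
EXPECTED_ACCESSIBILITY = {"com.google.android.marvin.talkback"}
EXPECTED_SMS_APPS = {"com.google.android.apps.messaging"}
EXPECTED_OWNERS = {"com.example.corp.mdm"}  # hypothetical MDM agent

# Matches an Android component reference such as com.foo.bar/.MyService.
COMPONENT_RE = re.compile(r"([A-Za-z]\w*(?:\.\w+)+)/(\.?[\w.$]+)")


def parse_components(raw: str, sep: str) -> List[Tuple[str, str]]:
    """Return (package, class) pairs from `sep`-separated component strings.
    `settings get secure enabled_accessibility_services` uses ':' and prints
    'null' when nothing is enabled; `cmd package query-activities --brief
    -a android.intent.action.MAIN -c android.intent.category.LAUNCHER`
    prints one component per line (non-matching header lines are skipped)."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    pairs = []
    for entry in raw.split(sep):
        match = COMPONENT_RE.search(entry)
        if match:
            pairs.append((match.group(1), match.group(2)))
    return pairs


def parse_owners(raw: str) -> List[Tuple[str, str]]:
    """Return (role, package) pairs from `dpm list-owners`-style output.
    The exact line format is an assumption; only the words 'Device Owner' /
    'Profile Owner' and a component token on the line are relied on."""
    owners = []
    for line in raw.splitlines():
        if "Owner" not in line:
            continue
        match = COMPONENT_RE.search(line)
        if match:
            role = "device" if "Device Owner" in line else "profile"
            owners.append((role, match.group(1)))
    return owners


def third_party_packages(raw: str) -> Set[str]:
    """`pm list packages -3` prints one 'package:<name>' line per user app."""
    return {line.split(":", 1)[1].strip()
            for line in raw.splitlines() if line.startswith("package:")}


def triage(accessibility_raw: str, sms_raw: str, owners_raw: str,
           packages_raw: str, launcher_raw: str) -> Dict[str, List[str]]:
    """Compare captured state against the baseline and return the deviations."""
    findings: Dict[str, List[str]] = {
        "accessibility": [], "default_sms": [], "owner": [], "no_launcher_icon": []}
    for pkg, cls in parse_components(accessibility_raw, ":"):
        if pkg not in EXPECTED_ACCESSIBILITY:
            findings["accessibility"].append(f"{pkg}/{cls}")
    # `settings get secure sms_default_application` (assumed key) prints the package.
    sms_pkg = sms_raw.strip()
    if sms_pkg and sms_pkg != "null" and sms_pkg not in EXPECTED_SMS_APPS:
        findings["default_sms"].append(sms_pkg)
    for role, pkg in parse_owners(owners_raw):
        if pkg not in EXPECTED_OWNERS:
            findings["owner"].append(f"{role}:{pkg}")
    # A third-party package with no MAIN/LAUNCHER activity has no app-drawer icon.
    visible = {pkg for pkg, _ in parse_components(launcher_raw, "\n")}
    findings["no_launcher_icon"] = sorted(third_party_packages(packages_raw) - visible)
    return findings


# Constructed sample captures: a device where a fake "update service" has taken
# every privilege the advisory describes. Not real device output.
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.update.service/.AccService")
SAMPLE_SMS = "com.update.service"
SAMPLE_OWNERS = "Profile Owner (User 10): ComponentInfo{com.update.service/.AdminReceiver}\n"
SAMPLE_PACKAGES = "package:com.example.bank\npackage:com.update.service\npackage:com.example.chat\n"
SAMPLE_LAUNCHER = ("3 activities found:\n"
                   "  com.example.bank/.MainActivity\n"
                   "  com.example.chat/.HomeActivity\n"
                   "  com.google.android.apps.messaging/.ui.ConversationListActivity\n")


def sample_findings() -> Dict[str, List[str]]:
    """Run the triage over the constructed captures."""
    return triage(SAMPLE_ACCESSIBILITY, SAMPLE_SMS, SAMPLE_OWNERS,
                  SAMPLE_PACKAGES, SAMPLE_LAUNCHER)


if __name__ == "__main__":
    for category, hits in sample_findings().items():
        print(f"{category}: {hits or 'none'}")
```

Each indicator on its own is weak: users legitimately enable accessibility services, and many benign background apps have no launcher icon. The useful signal is the combination the advisory describes, a single unknown package that holds accessibility, is the default SMS app and owns a managed profile, which is why the script reports by category rather than emitting a single verdict.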
According to the federal cyber-security agency, the following countermeasures, among others, reduce the risk of falling prey to this malware:
- Do not download and install applications from untrusted sources; use reputed application markets only
- Always review the app details, number of downloads and user reviews, and check the “additional information” section before downloading an app from the Play Store
- Use device encryption, and encrypt any external SD card
- Avoid using unsecured or unknown Wi-Fi networks
Additionally, when downloading banking or financial applications, use only the official, verified version of the app. The advisory also recommends installing a strong AI-powered mobile antivirus on the Android device to detect and block such malware.