The BlackRock Android malware has a wide range of data-theft capabilities; its targeted apps include banking, dating, social media and instant-messaging apps.
Discovered by security firm ThreatFabric in May this year, this malware is based on the leaked source code of another malware strain, Xerxes.
It targets more apps than most of its predecessors because it adds features for stealing user passwords and credit card information.
BlackRock uses the infamous overlay attack and is capable of intrusive operations such as spamming and stealing SMS messages, locking the victim in the launcher activity (the HOME screen of the device), stealing and hiding notifications, blocking the use of antivirus software on the device and acting as a keylogger.
Once the malware is launched on the device, it poses as a Google update in an attempt to obtain the user's Accessibility Service privileges. Once the user grants the request, the malware grants itself additional permissions that enable it to communicate with its command-and-control (C&C) server and gives itself admin access to the device.
To defend themselves against the malware, organisations can follow these security tips:
- Download apps only from trusted developers
- Keep an eye out for apps that require excessive permissions
- Use strong passwords
- Use multi-factor authentication for protecting the banking accounts
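The abuse of Accessibility Service privileges described above, and the tip about watching for apps with excessive permissions, both come down to knowing which apps on a device hold those privileges. The following script is an added example, not code from the original article or from ThreatFabric: it audits the accessibility services enabled on an Android device against an allowlist. On a managed device the input would come from `adb shell settings get secure enabled_accessibility_services`, which prints colon-separated `package/service` entries (or `null` when none are enabled); here the input is a constructed sample so the script runs offline, and the allowlist entry and the `com.example.fakeupdate` package name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): audit the accessibility
# services enabled on an Android device against an allowlist. Real input:
#   adb shell settings get secure enabled_accessibility_services
# which prints colon-separated "package/service" entries, or "null" if none.

# Hypothetical allowlist: services an organisation expects to see enabled.
ALLOWED="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"

# Constructed sample device output: the expected service plus one from an
# unknown package posing as an update (package name is made up).
SAMPLE="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.fakeupdate/com.example.fakeupdate.AccService"

# unexpected_services ENABLED ALLOWED
#   Prints one line per enabled service that is absent from the allowlist.
unexpected_services() {
    enabled=$1
    allowed=$2
    # The settings command prints the literal string "null" when the list is empty.
    [ "$enabled" = "null" ] && enabled=
    old_ifs=$IFS
    IFS=':'                                   # entries are colon-separated
    for svc in $enabled; do
        [ -z "$svc" ] && continue
        case ":$allowed:" in
            *":$svc:"*) ;;                    # known service, nothing to report
            *) printf '%s\n' "$svc" ;;        # not on the allowlist: flag it
        esac
    done
    IFS=$old_ifs
}

# count_unexpected ENABLED ALLOWED
#   Prints the number of unexpected services (0 when the device is clean).
count_unexpected() {
    unexpected_services "$1" "$2" | awk 'END { print NR }'
}

# Report for the constructed sample.
unexpected_services "$SAMPLE" "$ALLOWED" |
    sed 's/^/WARNING: unexpected accessibility service enabled: /'
echo "unexpected services: $(count_unexpected "$SAMPLE" "$ALLOWED")"
```

To run it against a real device, replace `SAMPLE` with the output of the `adb shell settings get secure` command and populate `ALLOWED` with the services your organisation actually deploys; a non-zero count is the signal to investigate the package before it is given a chance to overlay a banking app.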