Security vendor ThreatFabric has analyzed a new piece of malware with extensive data-theft capabilities. It is able to extract information from 337 Android apps. The malware, called BlackRock, was first discovered in May.
The backers are said to have developed BlackRock from the leaked source code of the malware Xerxes, to which they added new functions. Its approach, however, matches that of other banking Trojans, which steal login data and also try to trick users into entering financial data in fake forms.
For this purpose, according to the analysis, BlackRock displays an overlay window as soon as the malware detects interaction with a legitimate app. This window mimics the interface of the legitimate app but transmits all input to the cybercriminals. What sets BlackRock apart is the variety and range of legitimate apps that are attacked in this way.
The malware is not limited to financial apps, but also targets social media and communication applications. It can also imitate dating, lifestyle, news, and productivity apps.
BlackRock arrives on an Android device via an app contaminated with the malware. During installation, the app asks the user for access to the Android accessibility services so that it can carry out actions on the user's behalf, but without their knowledge. In this way, BlackRock grants itself additional permissions to intercept SMS, send spam SMS, run certain apps, spy on keystrokes, display notifications and sabotage security applications.
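The permission pattern described above can be checked for during app triage. The following Python sketch is an added example, not code from ThreatFabric or the original article: it flags an app whose manifest declares an accessibility service together with SMS permissions, and notes whether it was installed from outside the Play Store. It assumes the `AndroidManifest.xml` has already been decoded to text XML; the sample manifest, the package name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
SMS_PERMS = {
    "android.permission.RECEIVE_SMS": "intercept SMS",
    "android.permission.READ_SMS": "read SMS",
    "android.permission.SEND_SMS": "send SMS",
}
PLAY_STORE = "com.android.vending"  # installer package name of the Play Store

# Constructed sample: decoded manifest of a hypothetical sideloaded "update" app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeupdate">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".Helper"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def triage_manifest(manifest_xml, installer=None):
    """Return (package, findings) for one decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml.strip())
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # A service protected by BIND_ACCESSIBILITY_SERVICE is an accessibility service.
    services = [s.get(ANDROID_NS + "name", "?") for s in root.iter("service")
                if s.get(ANDROID_NS + "permission") == ACCESSIBILITY]
    findings = []
    if services:
        findings.append("accessibility service: " + ", ".join(services))
    sms = sorted(SMS_PERMS[p] for p in requested if p in SMS_PERMS)
    if sms:
        findings.append("SMS access: " + ", ".join(sms))
    if installer != PLAY_STORE:
        findings.append("installed from outside the Play Store")
    return root.get("package"), findings

def is_high_risk(findings):
    # Flag only the combination the article describes, not any single signal.
    return (any(f.startswith("accessibility") for f in findings)
            and any(f.startswith("SMS") for f in findings))

if __name__ == "__main__":
    pkg, found = triage_manifest(SAMPLE_MANIFEST, installer=None)
    print(pkg, "HIGH RISK" if is_high_risk(found) else "ok", found)
```

Legitimate accessibility tools also declare such a service, so a hit is a prompt for manual review rather than a verdict.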
The malware has not yet been seen in the official Play Store. Instead, it spreads through fake update packages that are offered through third parties. However, attackers repeatedly succeed in bypassing the security precautions of the Play Store and distributing almost any malware via the official Android marketplace.