Windows 10 News and info | Forum
Author Topic: New BlackRock Android malware can steal passwords and card data from 337 apps  (Read 43 times)
javajolt
« on: July 17, 2020, 12:52:44 PM »

Android apps targeted by this new trojan include banking, dating, social media, and instant messaging apps

A new Android malware strain has emerged in the criminal underworld that comes equipped with a wide range of data theft capabilities allowing it to target a whopping 337 Android applications.

Named BlackRock, this new threat emerged in May this year and was discovered by mobile security firm ThreatFabric.

Researchers say the malware was based on the leaked source code of another malware strain (Xerxes, based itself on other malware strains) but was enhanced with additional features, especially on the side that deals with the theft of user passwords and credit card information.


[Image: ThreatFabric]

BlackRock still works like most Android banking trojans, though, except it targets more apps than most of its predecessors.

The trojan will steal both login credentials (usernames and passwords), where available, but also prompt the victim to enter payment card details if the apps support financial transactions.

Per ThreatFabric, the data collection takes place via a technique called "overlays," which consists of detecting when a user tries to interact with a legitimate app and showing a fake window on top that collects the victim's login details and card data before allowing the user to enter the intended legitimate app.

In a report shared with ZDNet this week prior to publication, ThreatFabric researchers say the vast majority of BlackRock overlays are geared towards phishing financial and social media/communications apps. However, there are also overlays included for phishing data from dating, news, shopping, lifestyle, and productivity apps. The full list of targeted apps is included in the BlackRock report.


[Image: ThreatFabric]

To show the overlays, BlackRock isn't that unique, and, under the hood, BlackRock works like most Android malware these days and uses old, tried, and tested techniques.

Once installed on a device, a malicious app tainted with the BlackRock trojan asks the user to grant it access to the phone's Accessibility feature.

The Android Accessibility feature is one of the operating system's most powerful features, as it can be used to automate tasks and even perform taps on the user's behalf.

BlackRock uses the Accessibility feature to grant itself access to other Android permissions and then uses an Android DPC (device policy controller, aka a work profile) to give itself admin access to the device.

It then uses this access to show the malicious overlays, but ThreatFabric says the trojan can also perform other intrusive operations, such as:

    Intercept SMS messages

    Perform SMS floods

    Spam contacts with predefined SMS

    Start specific apps

    Log key taps (keylogger functionality)

    Show custom push notifications

    Sabotage mobile antivirus apps, and more

Currently, BlackRock is distributed disguised as fake Google update packages offered on third-party sites, and the trojan hasn't yet been spotted on the official Play Store.

However, Android malware gangs have usually found ways to bypass Google's app review process in the past, and at one point or another, we'll most likely see BlackRock deployed in the Play Store.

source
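
A device check that follows from the behaviour described above (Accessibility access requested by an app that was installed from outside the Play Store), given here as an added example that is not part of the original post or of ThreatFabric's report. It parses the saved text output of two adb commands; the package names and sample output are constructed, and treating only the Play Store as a trusted installer is an assumption.

```python
# Added example: flag third-party apps that hold an Accessibility service
# but were not installed by a trusted store. Inputs are the text output of:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i     (-3 = third-party apps only)
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only

def accessibility_packages(setting_value):
    """Package names from the colon-separated list of service components."""
    value = setting_value.strip()
    if not value or value == "null":          # "null" means nothing enabled
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def installers(pm_output):
    """Map package -> installer (None when the device reports 'null')."""
    result = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field[len("installer="):]
                installer = None if value == "null" else value
        result[fields[0]] = installer
    return result

def flag_sideloaded_accessibility(setting_value, pm_output):
    """Return (package, installer) pairs that deserve a manual review."""
    third_party = installers(pm_output)
    flagged = []
    for pkg in sorted(accessibility_packages(setting_value)):
        # Packages missing from the -3 listing are system apps: skipped.
        if pkg in third_party and third_party[pkg] not in TRUSTED_INSTALLERS:
            flagged.append((pkg, third_party[pkg]))
    return flagged

# Constructed sample data (hypothetical package names).
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.reader/.ReadAloud:com.example.fakeupdate/.Svc\n")
SAMPLE_PM = """package:com.example.reader  installer=com.android.vending
package:com.example.fakeupdate  installer=null
package:com.example.game  installer=null
"""

if __name__ == "__main__":
    for pkg, src in flag_sideloaded_accessibility(SAMPLE_SETTING, SAMPLE_PM):
        print(f"review: {pkg} (installer={src}) has an Accessibility service")
```

A hit is a prompt for review, not a verdict: legitimately sideloaded accessibility tools will also appear.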