ThreatFabric researchers have discovered a new strain of Android malware that targets not only banking apps but also non-banking ones, including social networking and cryptocurrency apps, to steal login credentials.
The malware, dubbed BlackRock, is a variant of the Xerxes banking malware, which is itself a strain of the LokiBot Android banking trojan first discovered in 2016. BlackRock's main capabilities include intercepting SMS messages and notifications, logging keystrokes in targeted apps, and evading detection by antivirus software.
Its target list includes a number of social networking, communication and dating apps that had not previously been observed in the target lists of other banking trojans.
How BlackRock Steals Data from Non-Banking Apps
BlackRock steals data by abusing Android's Accessibility Service. On its first launch on a device, it asks the user to enable the service under the guise of a Google update.
Once the service is enabled, the malware uses it to grant itself additional permissions and connects to a remote command-and-control (C&C) server. Its main theft technique is to draw overlays on top of the targeted apps' login and payment screens, so that whatever the victim types into the fake screen goes to the attacker.
What sets BlackRock apart from related Android malware is the sheer size of its target list, which goes well beyond the mobile banking apps that such malware typically singles out.
What Android Users Can Do to Stay Safe from BlackRock
If you notice unusual notifications or screen activity on your Android device, or suspect that an installed app is malicious, uninstall the app promptly, and make sure the operating system and the apps on the device are up to date.
Android users should also scrutinize the permissions granted to every app installed on their device, in particular any app that asks to enable an Accessibility Service or to draw over other apps, since those are the two capabilities BlackRock depends on.
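A practical way to act on the two points above (the abuse of the Accessibility Service and of screen overlays, and the advice to review app permissions) is to check which apps actually hold those capabilities on a device. The following shell script is an added example, not code from ThreatFabric or from the article. It assumes the device is reachable over adb; the strings it inspects are constructed samples standing in for the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell appops get <package> SYSTEM_ALERT_WINDOW`, the output format of `appops get` is assumed from recent Android builds, and the allowlist of expected services is an assumed example to be adjusted for your own devices.

```shell
#!/bin/sh
# Added example (not from the ThreatFabric report): triage an Android device for the
# two capabilities BlackRock relies on, an enabled accessibility service and the
# permission to draw overlays. On a real device the inputs come from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell appops get <package> SYSTEM_ALERT_WINDOW
# The strings below are constructed samples so the script runs offline.

# Assumption: the accessibility services you expect to see on your devices.
KNOWN_GOOD_SERVICES="com.google.android.marvin.talkback"

# Constructed sample of 'settings get': one expected service and one unknown package.
SAMPLE_SERVICES="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.updater/com.example.updater.AccessService"

# Constructed samples of 'appops get' output (format assumed from recent Android builds).
SAMPLE_APPOPS_ALLOW="SYSTEM_ALERT_WINDOW: allow; time=+3d2h11m9s ago"
SAMPLE_APPOPS_NONE="No operations."

# Print every package that has an enabled accessibility service and is not on the
# allowlist. Returns 0 when nothing unexpected is enabled, 1 otherwise.
flag_unknown_services() {
    services=$1
    found=0
    # 'settings get' prints "null" when no accessibility service is enabled
    if [ -z "$services" ] || [ "$services" = "null" ]; then
        return 0
    fi
    old_ifs=$IFS
    IFS=':'                      # entries are colon separated: pkg/ServiceClass:pkg/ServiceClass
    for entry in $services; do
        pkg=${entry%%/*}         # package name is everything before the first '/'
        case " $KNOWN_GOOD_SERVICES " in
            *" $pkg "*) ;;       # expected service, nothing to report
            *) echo "$pkg"; found=1 ;;
        esac
    done
    IFS=$old_ifs
    return $found
}

# Given the output of 'appops get <pkg> SYSTEM_ALERT_WINDOW', return 0 if the app
# may draw over other apps (the permission an overlay attack needs), 1 otherwise.
overlay_allowed() {
    case "$1" in
        *"SYSTEM_ALERT_WINDOW: allow"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone run against the constructed samples.
if flag_unknown_services "$SAMPLE_SERVICES"; then
    echo "no unexpected accessibility services enabled"
else
    echo "the package(s) above have an accessibility service enabled but are not allowlisted"
fi
if overlay_allowed "$SAMPLE_APPOPS_ALLOW"; then
    echo "sample app is allowed to draw overlays; review it"
fi
```

On a live device, replace the sample strings with the command output, e.g. `flag_unknown_services "$(adb shell settings get secure enabled_accessibility_services)"`, and run `overlay_allowed` on the `appops get` output for each package the first check flags. An unknown package that both runs an accessibility service and may draw overlays is exactly the combination the overlay-and-keylogging behaviour described above requires and deserves immediate attention.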