BlackRock is an Android trojan and a variant of the Xerxes malware, which was itself built from LokiBot. Compared to its predecessors, however, BlackRock has a much bigger target list. Unlike earlier trojans, which targeted only banking apps, BlackRock targets not just banking apps but also apps for social media, messaging, dating, e-books, music and video, news, and more. It was discovered in May this year by the Dutch cybersecurity firm ThreatFabric.
While BlackRock itself adds little that earlier trojans did not already have, what sets it apart is the list of apps it targets. That list is huge by trojan standards and includes, but is not limited to, the following apps:
Along with the banking, shopping, messaging, and dating apps, there are a number of cryptocurrency wallets that are targeted for data theft by the malware.
BlackRock's capabilities are not especially powerful and are similar to those seen in earlier trojans. It can:
Along with this, the malware hides itself from the app menu/app drawer, so you will never know it was installed. Moreover, if you try to install an antivirus app, it will keep redirecting you to the home screen so that it is not discovered and, thus, cannot be deleted. Avast, AVG, BitDefender, Eset, Symantec, TrendMicro, Kaspersky, McAfee, and Avira antivirus apps will not be allowed to download on your phone. Even apps such as TotalCommander, SD Maid, and Superb Cleaner, which clean Android devices, will not be downloadable.
When BlackRock is first launched on your Android smartphone, it will hide its app icon. Then it will pose as a Google update and ask you to grant it Accessibility Services privileges. Once it has Accessibility privileges, it will give itself other permissions – including creating an admin profile for your phone for itself – so that it doesn't need any more interaction or authorization from you.
Once the malware has all the permissions, it will be able to create an overlay on any of the apps that it targets for data collection. This means, for example, if you open the YONO Lite app by SBI, it will 'put' a fake screen on top of the app's actual UI – when you enter your details on the fake screen, it can steal your username and password from this overlay.
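As an added example (not code from the article or from ThreatFabric), this is how a banking app's login screen can harden itself against the overlay and Accessibility abuse described above: it rejects touches delivered while another window covers the form and can warn when a non-system accessibility service is active. It assumes a standard Activity with a layout containing an EditText with id `password`; the layout id and the package prefixes treated as "system" are placeholders. Touch filtering only blocks tapjacking-style overlays; a fully opaque fake login screen that the user types into directly must be caught by the accessibility-service check or by the user.

```java
import android.accessibilityservice.AccessibilityServiceInfo;
import android.app.Activity;
import android.content.Context;
import android.os.Bundle;
import android.view.MotionEvent;
import android.view.WindowManager;
import android.view.accessibility.AccessibilityManager;
import android.widget.EditText;
import java.util.List;

public class LoginActivity extends Activity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_login); // placeholder layout id

        // Stop screenshots and screen recording of the credential form.
        getWindow().setFlags(WindowManager.LayoutParams.FLAG_SECURE,
                             WindowManager.LayoutParams.FLAG_SECURE);

        // Drop touches that arrive while another window is drawn over this
        // view: exactly the situation a malicious overlay creates.
        EditText password = findViewById(R.id.password);
        password.setFilterTouchesWhenObscured(true);
    }

    // Check the obscured flags on every touch the whole window receives, so
    // the protection is not limited to views that opted in individually.
    @Override
    public boolean dispatchTouchEvent(MotionEvent ev) {
        int obscured = MotionEvent.FLAG_WINDOW_IS_OBSCURED
                     | MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED; // API 29+
        if ((ev.getFlags() & obscured) != 0) {
            return true; // consume the event without delivering it
        }
        return super.dispatchTouchEvent(ev);
    }

    // True if any accessibility service outside the assumed system package
    // prefixes is enabled. BlackRock relies on Accessibility to grant itself
    // permissions, so an app can warn the user before showing the login form.
    static boolean thirdPartyAccessibilityServiceEnabled(Context ctx) {
        AccessibilityManager am =
            (AccessibilityManager) ctx.getSystemService(Context.ACCESSIBILITY_SERVICE);
        List<AccessibilityServiceInfo> enabled =
            am.getEnabledAccessibilityServiceList(AccessibilityServiceInfo.FEEDBACK_ALL_MASK);
        for (AccessibilityServiceInfo info : enabled) {
            String pkg = info.getResolveInfo().serviceInfo.packageName;
            if (!pkg.startsWith("com.android.") && !pkg.startsWith("com.google.android.")) {
                return true;
            }
        }
        return false;
    }
}
```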
The malware even targets social, messaging, lifestyle, and dating apps to steal credit card information. Of the 337 targeted apps, as many as 111 are targeted purely for credit card theft, including WhatsApp, WhatsApp Business, Twitter, Twitter Lite, Snapchat, Telegram, Skype, Skype Lite, Instagram, IGTV, Facebook, Facebook Messenger Lite, YouTube, Play Store, Reddit, Pinterest, Hangouts, and Tinder. However, as mentioned earlier, if you have not downloaded any apps from third-party app stores and only use the Google Play Store to install apps on your phone, your smartphone should not be infected.