New Delhi: A new malware in Android has been detected which steals data from 337 applications like Gmail, Netflix, Uber, Amazon, YONO Lite by SBI. This data can be in the form of password and credit card details.
This new form of malware that goes by the name of BlackRock has surfaced in smartphones and is capable of stealing user’s data. This malware was discovered by the security company ThreatFabric.
BlackRock functions as any other Android malware and according to the firm the malware monitors and detects when any of the apps it targets is opened. It then pops up an “overlay” which would look genuine to unsuspecting users (the Trojan collects the data through this technique of overlays). Since people would not be able to realise that it is a fake popup they would then enter their credentials to access the app itself. These credentials then land on the hacker’s server.
Researchers at ThreatFrabric states that the malware BlackRock is based on the leaked source code of another malware strain Xerexes. BlackRock is however much more enhanced with more additional features related to stealing card details and passwords. Additionally, this malware allegedly leaves no trace of the stealing of data or hacks.
If the app gets installed on the smartphones, the Trojan gets to work by asking the user to grant access to the pone’s Accessibility feature. It is then followed by using the users’ Accessibility feature to grant the malware access to other Android permissions. Researchers at ThreatFabric also fear that this malware can perform other intrusive operations. This includes interception of SMS messages, performing SMS floods, spam contacts with predefined SMS, sabotages mobile antivirus apps, shows custom push notifications, starts specific apps, log key taps, etc.
The report published by the security company also states that BlackRock is distributed as fake Google update packages. This is offered on third-party websites and has not been spotted in Google Play Store as of now. PayPal mobile cash, Gmail, Yahoo Mail, Microsoft Outlook, Amazon seller, Skrill, Uber, Netflix, Amazon shopping, Binance, YONO Lite SBI, IDBI Bank Go Mobile+, and iMobile by ICICI among others are in the target of this malware.