New Delhi: The new malware threat, BlackRock, emerged in May this year and was discovered by mobile security firm ThreatFabric.
Col. Inderjeet explains that once installed on a device, a malicious app tainted with BlackRock collects data by abusing Android's Accessibility Service privileges, for which it seeks the user's permission under the guise of fake Google updates when it is launched for the first time on the device, as shown in the screenshots.
BlackRock uses the Accessibility feature of the Android operating system to grant itself access to other Android permissions and then uses an Android device policy controller to give itself administrative access to the device.
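Because the malware depends on an accessibility service the user was persuaded to enable, a defender can review which services are enabled on a device. The following is an added example, not code from the article or from ThreatFabric: it parses the output of `adb shell settings get secure enabled_accessibility_services`, and the allowlist, the lure words and the sample value are assumptions constructed for illustration.

```python
# Added example (not from the article): audit enabled accessibility services.
# Input is the text printed by:
#   adb shell settings get secure enabled_accessibility_services
# i.e. colon-separated "package/ServiceClass" entries, or "null" when none.

# Assumption: packages the device owner deliberately enabled.
TRUSTED_PACKAGES = {"com.google.android.marvin.talkback"}
# Assumption: words a fake "Google update" service might use in its name.
LURE_WORDS = ("google", "update")


def parse_services(setting_value):
    """Return (package, service_class) pairs from the setting value."""
    value = (setting_value or "").strip()
    if value in ("", "null"):
        return []
    pairs = []
    for component in value.split(":"):
        package, _, cls = component.strip().partition("/")
        if not package:
            continue
        if cls.startswith("."):  # class name relative to the package
            cls = package + cls
        pairs.append((package, cls))
    return pairs


def audit(setting_value, trusted=TRUSTED_PACKAGES):
    """List services outside the allowlist; mark update-style names."""
    findings = []
    for package, cls in parse_services(setting_value):
        if package in trusted:
            continue
        short_name = cls.rsplit(".", 1)[-1].lower()
        findings.append({
            "package": package,
            "service": cls,
            "update_lure": any(w in short_name for w in LURE_WORDS),
        })
    return findings


# Constructed sample; the second package is a made-up placeholder.
SAMPLE = ("com.google.android.marvin.talkback/"
          "com.google.android.marvin.talkback.TalkBackService:"
          "com.example.placeholder/.GoogleUpdateService")

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["package"], f["service"], "update_lure=%s" % f["update_lure"])
```

Any entry the audit reports should be checked against what the device owner knowingly enabled under Settings > Accessibility.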
Interestingly, of the 337 unique applications in BlackRock's target lists, many haven't been observed to be targeted by banking malware before. Those "new" targets are mostly not related to financial institutions and are overlaid in order to steal credit card details. The target list of non-financial apps contains famous applications such as, but not limited to, Tinder, TikTok, PlayStation, Facebook, Instagram, Skype, Snapchat, Twitter, Grindr, VK, Netflix, Uber, eBay, Amazon, Reddit, and Tumblr.
According to ThreatFabric, the second half of 2020 will come with its surprises: after Alien, EventBot, and BlackRock, we can expect that financially motivated threat actors will build new banking malware and continue improving the existing ones.
Col. Inderjeet advises, "Keep the Android operating system updated, apps to be updated, have a proper anti-virus in the mobile phone, do not download any app which is malicious in nature. Do not give any undue permissions of your mobile phones to any apps."
Prof N K Goyal, Chairman, Cyber Security Association of India, is also of the opinion, "We should safely use the applications and not fall in the trap laid by malware and lose our valuable data."