Android Malware BlackRock Now Steals Passwords from Non-Banking Apps

Cybersecurity researchers uncovered a new strain of banking malware called “BlackRock” that targets not only banking apps but also non-banking apps such as social media, dating and cryptocurrency apps. In total, 337 apps are on the target list.

BlackRock, which was first discovered in May 2020, derives its source code from a leaked version of the Xerxes banking malware, which is itself a strain of the LokiBot banking malware from 2016-17.

It is capable of stealing user credentials, intercepting SMS messages, hijacking notifications, and even recording keystrokes from the targeted apps, in addition to being capable of hiding from antivirus software.

BlackRock collects data by abusing Android’s Accessibility Service privileges, for which it seeks users’ permissions under the guise of fake Google updates when it’s launched for the first time on the device.

It grants itself additional permissions and establishes a connection with a remote command-and-control server to carry out its malicious activities by injecting overlays atop the login and payment screens of the targeted apps.

The target list contains famous apps such as Tinder, TikTok, PlayStation, Facebook, Instagram, Skype, Snapchat, Twitter, VK, Netflix, Uber, eBay, Amazon, Reddit and Tumblr.


This is not the first time mobile malware has abused Android’s accessibility features.
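Because the abuse described above depends on the user enabling an Accessibility Service, a defender can audit which apps hold that access on a device. The following is an added example, not taken from the article or the researchers: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -s` and lists enabled services that belong to neither a system package nor an allowlist. The sample strings and the package `com.example.fakeupdate` are constructed for illustration.

```python
# Added example: audit which apps hold Accessibility Service access.
# Inputs mimic the output of two adb commands (sample values are constructed):
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -s
SAMPLE_ENABLED = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakeupdate/.UpdateService"  # hypothetical package
)
SAMPLE_SYSTEM_PKGS = """package:com.google.android.marvin.talkback
package:com.android.settings
"""


def parse_enabled_services(raw):
    """Split the colon-separated setting into (package, service_class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":  # setting unset: no service enabled
        return []
    pairs = []
    for component in raw.split(":"):
        pkg, _, cls = component.strip().partition("/")
        if not pkg:
            continue
        if cls.startswith("."):  # short form is relative to the package name
            cls = pkg + cls
        pairs.append((pkg, cls))
    return pairs


def parse_package_list(raw):
    """Turn 'package:<name>' lines into a set of package names."""
    return {
        line.split(":", 1)[1].strip()
        for line in raw.splitlines()
        if line.startswith("package:")
    }


def flag_unexpected(enabled_raw, system_raw, allowlist=frozenset()):
    """Return enabled services whose package is neither system nor allowlisted."""
    trusted = parse_package_list(system_raw) | set(allowlist)
    return [(p, c) for p, c in parse_enabled_services(enabled_raw) if p not in trusted]


if __name__ == "__main__":
    for pkg, cls in flag_unexpected(SAMPLE_ENABLED, SAMPLE_SYSTEM_PKGS):
        print(f"review: {pkg} has accessibility service {cls} enabled")
```

A flagged entry is a prompt for review, not a verdict: legitimate third-party tools such as password managers also use accessibility services and belong on the allowlist.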
