Skip to main content

Android Users Beware Of BlackRock Malware Credential Stealer

By July 29, 2020May 19th, 2021Cybersecurity

Do you have an Android phone? If so, be advised that there’s a new threat to be on the lookout for.

The threat takes the form of a malware strain that’s being called BlackRock. It is a banking trojan that specializes in pilfering login and credit card information, which means that if you get infected, it’s likely to hit you hard.

The new variant was discovered by security researchers and analysts operating out of ThreatFabric. Based on an analysis of the code, it is a derivative of the Xerxes banking malware, which traces its roots back to the LokiBot trojan.

The key difference between this malware strain and the strains it was derived from is this: LokiBot and Xerxes focused their attention exclusively on banking and payment card information. BlackRock is equally interested in social media and dating site logins.

It’s a fairly stealthy piece of code, too, disguising itself as a Google Update, which requests Accessibility Services privileges and hiding its icon when it is launched. Even worse, once a victim grants the malware access to Accessibility Services, it will begin granting itself additional permissions out of the sight of the victim.

In addition to banking apps, BlackRock also targets a number of cryptocurrency wallet apps, including Coinbase, BitPay, and Binance, as well as popular apps like Microsoft Outlook, Gmail, Uber, Amazon, Netflix, and Google Play.

The researchers at ThreatFabric had this to say about their discovery:

The second half of 2020 will come with its surprises, after Alien, Eventbot and BlackRock, we can expect that financially motivated threat actors will build new banking Trojans and continue improving the existing ones.

With the changes that we expect to be made to mobile banking Trojans, the line between banking malware and spyware becomes thinner, banking malware will pose a threat for more organizations and their infrastructure, an organic change that we observed on Windows banking malware years ago.”

All that to say, it’s a serious threat, so be on the alert for it.

Jason Manteiga

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.

Leave a Reply