CERT-In has recently issued an advisory on the BlackRock Android Trojan. According to CERT-In, BlackRock can steal the banking credentials of Android users, harvesting confidential data and credit card information through email, e-commerce, banking and financial, and social media apps; in all, it targets more than 300 such apps. CERT-In describes the malware as dangerous because it evades most antivirus applications. The malware was first spotted in May. Alongside the warning, CERT-In has suggested countermeasures for Android users.
Statement of CERT-In
The malware was first spotted in May and was initially reported by ThreatFabric. The advisory said: "It is reported that a new Android malware strain dubbed ‘BlackRock’ equipped with data-stealing capabilities is attacking a wide range of Android applications. The malware is developed using the source code of Xerxes banking malware which itself is a variant of LokiBot Android Trojan."
Features of the malware
The malware is designed to infect Android devices and steal users' banking information. It harvests credit card numbers, credentials, and other banking details by targeting 337 apps. These are not only banking and financial applications but also well-known non-financial apps, including e-commerce, social media, and dating apps; in ThreatFabric's analysis, data entered into these apps is captured through fake overlay screens placed on top of the legitimate app. The advisory said: "It can steal credentials and credit card information from over 300 plus apps like email clients, e-commerce apps, virtual currency, messaging or social media apps, entertainment apps, banking, and financial apps, etc."
Infection activity of the malware
According to the advisory, once launched on the victim's device the malware hides its icon from the app drawer and then masquerades as a fake Google update prompt that asks the user to grant it Accessibility Service privileges. Once the user grants them, the malware can operate without further user interaction, because the Accessibility Service lets it observe and act on the screen on the user's behalf.
The advisory says the threat operators can issue a range of commands: spam the victim's contact list with text messages, log keystrokes, set the malware as the default SMS app, forward the device's system notifications to the command-and-control (C2) server, send spam, lock the victim to the device's home screen, and steal the victim's SMS messages. Together these let the operators harvest data from the device; control of the SMS app in particular exposes any one-time codes delivered by text.
The advisory calls the malware "deadly" because it can evade most antivirus apps. It also notes another feature of the Trojan: it abuses Android work profiles to control the infected device without needing full device-admin rights. Instead, it creates and attributes its own managed profile, through which it gains admin privileges.
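The two footholds described above, an Accessibility Service granted to an unexpected app and a third-party app installed as the default SMS handler, are both visible in device settings that `adb shell` can read. The following is an added triage example, not code from CERT-In or ThreatFabric: it parses the plain-text output of `settings get secure enabled_accessibility_services`, `pm list packages -3` and `settings get secure sms_default_application` and flags packages outside an allow-list. The sample outputs and the `com.example.update.google` package name are constructed for the example, and the allow-lists are assumptions a responder would tune for their own fleet.

```python
"""Triage an Android device for BlackRock-style footholds: an Accessibility
Service granted to an unexpected app, and a non-stock default SMS handler.

Added example (not CERT-In's or ThreatFabric's code). The three sample
outputs below are constructed; the allow-lists are assumptions.
"""
from __future__ import annotations

import subprocess
from dataclasses import dataclass

# Constructed output of `adb shell settings get secure enabled_accessibility_services`:
# colon-separated "package/service" entries.
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.update.google/com.example.update.google.a.b"
)
# Constructed output of `adb shell pm list packages -3` (third-party packages only).
SAMPLE_THIRD_PARTY = """package:com.example.update.google
package:com.bank.mobile
"""
# Constructed output of `adb shell settings get secure sms_default_application`.
SAMPLE_DEFAULT_SMS = "com.example.update.google\n"

# Accessibility services the fleet legitimately relies on (assumption; tune per org).
TRUSTED_A11Y_PACKAGES = {"com.google.android.marvin.talkback"}
# Stock SMS handlers (assumption; add the OEM's messaging app as needed).
TRUSTED_SMS_PACKAGES = {"com.google.android.apps.messaging", "com.android.mms"}


@dataclass
class Finding:
    kind: str      # "accessibility" or "default_sms"
    package: str
    detail: str


def parse_accessibility_services(raw: str) -> list[tuple[str, str]]:
    """Split 'pkg/service:pkg/service' into (package, service) pairs.
    The setting reads 'null' or empty when no service is enabled."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    pairs = []
    for entry in raw.split(":"):
        pkg, _, svc = entry.partition("/")
        if pkg:
            pairs.append((pkg, svc))
    return pairs


def parse_package_list(raw: str) -> set[str]:
    """`pm list packages` prints one 'package:<name>' per line."""
    return {
        line.split(":", 1)[1].strip()
        for line in raw.splitlines()
        if line.startswith("package:")
    }


def triage(a11y_raw: str, third_party_raw: str, default_sms_raw: str) -> list[Finding]:
    """Return findings for any untrusted accessibility service or SMS handler."""
    findings: list[Finding] = []
    third_party = parse_package_list(third_party_raw)

    # An Accessibility Service lets an app read the screen and inject input,
    # which is exactly the grant the fake "Google update" prompt tricks the user into.
    for pkg, svc in parse_accessibility_services(a11y_raw):
        if pkg not in TRUSTED_A11Y_PACKAGES:
            origin = "third-party" if pkg in third_party else "system/unknown"
            findings.append(Finding("accessibility", pkg, f"{origin} app runs service {svc}"))

    # The default SMS app receives every incoming text, including OTP codes.
    sms_pkg = default_sms_raw.strip()
    if sms_pkg and sms_pkg != "null" and sms_pkg not in TRUSTED_SMS_PACKAGES:
        findings.append(Finding("default_sms", sms_pkg, "non-stock default SMS handler"))
    return findings


def adb_shell(*args: str) -> str:
    """Run a command on the attached device via adb and return its stdout."""
    return subprocess.run(["adb", "shell", *args], check=True,
                          capture_output=True, text=True).stdout


def triage_live_device() -> list[Finding]:
    """Same checks against a real device over adb (requires USB debugging)."""
    return triage(
        adb_shell("settings", "get", "secure", "enabled_accessibility_services"),
        adb_shell("pm", "list", "packages", "-3"),
        adb_shell("settings", "get", "secure", "sms_default_application"),
    )


if __name__ == "__main__":
    for f in triage(SAMPLE_A11Y, SAMPLE_THIRD_PARTY, SAMPLE_DEFAULT_SMS):
        print(f"[{f.kind}] {f.package}: {f.detail}")
```

Run against the constructed samples it reports two findings for `com.example.update.google`: a third-party app holding an Accessibility Service and the same app set as the default SMS handler. A finding is a lead, not a verdict; a legitimate password manager or screen reader will also appear here, which is why the allow-list exists. The hidden launcher icon and the self-created work profile described above are not visible in these three settings and need separate checks.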
Countermeasures for ‘BlackRock’
CERT-In, India's national cybersecurity agency, has suggested the following countermeasures:
- Do not download or install applications from untrusted or third-party sources. Always use a trusted, reputable source.
- Check an app's details before downloading it: reviews, download count, ratings, and the additional information listed, even when installing from the Play Store.
- Do not use unknown or unsecured Wi-Fi networks.
- Use device encryption, and encrypt any external SD card.
- Use only authorized, original versions of banking apps.
- Install a strong AI-powered mobile antivirus to counter such malware.
BlackRock is a global Android threat that could affect any Android device. A capable antivirus app that can detect and block it helps, but since the malware already evades most antivirus apps, prevention matters more: download apps only from trusted sources, avoid unsecured network connections, and treat any unexpected "Google update" prompt that asks for Accessibility Service access as a red flag, since that grant is what lets the malware operate.