A new Android malware strain has arisen, with the capability to steal personal and bank details from 337 apps. ‘BlackRock’ emerged in February this year and was discovered by mobile security firm ThreatFabric.
Researchers say the malware was based on the leaked source code of another strain, but was enhanced with additional features that help with the theft of passwords and credit card information.
BlackRock works like a normal Android trojan but is capable of targeting far more apps than previous threats.
The data collection takes place via a technique called “overlays”, which consists of detecting when a user tries to interact with a legitimate app and showing a fake window on top that collects the victim’s personal information.
ThreatFabric has confirmed that the majority of BlackRock overlays focus on phishing financial and social apps, but they also affect dating apps and video players.
Once installed on a device, a malicious app tainted with the BlackRock trojan asks the user to grant it access to the phone’s Accessibility feature.
BlackRock then uses the feature to grant itself access to other Android permissions and then uses an Android DPC (device policy controller, aka a work profile) to give itself admin access to the device.
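A defensive check for the behaviour described above, as an added example that is not from the original article or from ThreatFabric: it lists user-installed apps that hold an enabled Accessibility service by parsing the output of two standard adb commands. The package names, sample data and allowlist are constructed for illustration.

```python
"""Audit sketch: flag user-installed apps that hold an enabled Accessibility service.

Inputs are the text output of two standard adb commands:
  adb shell settings get secure enabled_accessibility_services
  adb shell pm list packages -3
"""

def parse_accessibility_services(raw):
    """Return (package, service_class) pairs from the colon-separated setting."""
    raw = raw.strip()
    if not raw or raw == "null":      # setting unset: no service enabled
        return []
    pairs = []
    for component in raw.split(":"):
        component = component.strip()
        if "/" not in component:      # malformed entry, skip it
            continue
        package, cls = component.split("/", 1)
        if cls.startswith("."):       # short form: class relative to the package
            cls = package + cls
        pairs.append((package, cls))
    return pairs

def parse_third_party_packages(raw):
    """Return the set of package names from `pm list packages -3` output."""
    prefix = "package:"
    lines = (line.strip() for line in raw.splitlines())
    return {line[len(prefix):] for line in lines if line.startswith(prefix)}

def flag_services(services_raw, packages_raw, allowlist=frozenset()):
    """User-installed packages with an enabled Accessibility service, minus approved ones."""
    third_party = parse_third_party_packages(packages_raw)
    return [(pkg, cls) for pkg, cls in parse_accessibility_services(services_raw)
            if pkg in third_party and pkg not in allowlist]

# Constructed sample data (hypothetical package names), not taken from a real device.
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.updater/.SyncService:"
    "com.example.passwordmanager/com.example.passwordmanager.AutofillA11yService")
SAMPLE_PACKAGES = ("package:com.example.updater\n"
                   "package:com.example.passwordmanager\npackage:com.example.game\n")
APPROVED = frozenset({"com.example.passwordmanager"})  # assumed organisational allowlist

if __name__ == "__main__":
    for pkg, cls in flag_services(SAMPLE_SERVICES, SAMPLE_PACKAGES, APPROVED):
        print(f"review: {pkg} has Accessibility service {cls} enabled")
```

A flagged entry is a prompt for review, not proof of infection, since legitimate apps also use Accessibility services.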