BLACKROCK MALWARE
Android users installing apps from
third-party app stores are at risk of the BlackRock malware. How can this
malware be stopped?
BlackRock malware is yet another threat
that Android users have to worry about. This newly-discovered malware can
attack a variety of different apps, stealing your information in the process.
Before you download another app, make sure
you know what BlackRock malware is, and how you can protect yourself.
What Is BlackRock Android Malware?
In May 2020, the security company
ThreatFabric discovered a digital danger that affects Android devices:
BlackRock malware.
However, analysts quickly discovered that
BlackRock malware actually isn’t a new threat. BlackRock malware stems from the
leaked Xerxes malware source code, which is a type of LokiBot banking Trojan.
Despite being based on a banking Trojan,
BlackRock malware doesn’t just affect banking apps. It also targets shopping,
lifestyle, social, entertainment, and even dating apps. This widespread coverage
makes it especially dangerous.
In fact, it has 337 apps on its target
list, some of which you might use on a daily basis. Its target apps aren’t
limited to one country either; it tackles apps across Europe, North America,
and Australia.
ThreatFabric displays the entire target
list in its report. Some apps on its list include Gmail, Netflix, Snapchat,
eBay, Twitter, TikTok, Facebook Messenger, PayPal, and more.
So far, BlackRock malware hasn’t been found
on the Google Play Store. It currently attacks apps downloaded from third-party
sites, but this doesn’t mean that BlackRock malware will never appear on the
Google Play Store. Aggressive hackers can still find ways to bypass Google’s
security protocols.
How BlackRock Malware Steals Your Information
When BlackRock malware appears on your
device, an unknowing user might never realize it. It uses a tactic known as an
“overlay,” which is a phony window that pops up over a legitimate app. The
overlay blends in with the app, so it’s difficult to tell whether the pop-up is
part of the app or not.
The window will prompt you to enter your
login information and credit card number before you can even start using the
legitimate app. This allows it to get hold of your information right off the
bat.
It infiltrates your device in the first
place by getting Accessibility Services permissions. When you install an
infected app, it’ll prompt you to enable a fake Google Update. Accepting the
“Google Update” allows it to interfere with your device.
If you aren’t familiar with Android’s
Accessibility feature, you should know that it’s one of the most powerful
functions on your device. It’s meant to help Android owners with disabilities,
but Accessibility Services can be used to hack your phone as well. This feature
can automate a variety of tasks for the user, including tapping the screen,
reading text aloud, and even creating captions.
Giving BlackRock permission to use
Accessibility Services allows it to create the overlay you’ll see when opening
the target app. It also gives the malware additional abilities, as it will then
proceed to use an Android DPC (device policy controller) to grant itself
administrator privileges.
In other words, it doesn’t just steal the
sensitive information you type into its overlay; it can actually do much more
than that. Not only can BlackRock intercept SMS messages, hide notifications,
and lock your screen, but it can also engage in keylogging. Needless to say, you
definitely don’t want this malware on your device.
How to Protect Yourself From BlackRock Malware
As mentioned earlier, BlackRock hasn’t yet
been found on the Google Play Store. But just because it’s currently attacking
apps from third-party app stores, that doesn’t mean that it’ll never find its
way to Google Play.
ThreatFabric states that it “can’t yet
predict how long BlackRock will be active on the threat landscape.” In the
meantime, it’s important to keep some precautions in mind before downloading
apps.
Why an Anti-Virus App Won’t Cut It
It’s not a bad idea to have an antivirus
app on your smartphone, but unfortunately, an antivirus app won’t stop the
BlackRock malware. When BlackRock infiltrates your phone, it has a feature that
blocks you from using an antivirus app.
As soon as you open an antivirus or an
Android cleaner app, such as Avast, Kaspersky, McAfee, BitDefender, or Superb
Cleaner, BlackRock will immediately redirect you to your Home screen. This
prevents you from removing the malware using an antivirus app.
So, if you download a sketchy app from a
third-party store, and think that an antivirus app will keep you safe from all
threats, think again.
Check App Permissions
You should keep an eye on app permissions
no matter how legit an app may seem. Some apps ask for permissions that have
nothing to do with the core function of the app.
For example, a flashlight app obviously
doesn’t need access to your SMS messages. This is a sign that you should
uninstall the app immediately.
Since BlackRock malware asks for
Accessibility Services permissions, you’ll want to look out for any apps that
require that specific privilege. If an app is legitimately for disabled users,
has good reviews, and is from the Google Play Store, you can likely trust
granting the Accessibility Services permission. Otherwise, avoid giving that
privilege to any apps that don’t need it.
Only Download Apps From the Google Play Store
Google Play Protect was put in place to
scan your installed apps for malware as soon as you download them, as well as
scan them periodically once installed. Third-party app stores don’t have this
safety feature, so you’re pretty much on your own in terms of security.
The lack of security protocols on
third-party stores has allowed BlackRock malware to thrive. To lower your risk
of encountering BlackRock malware, try to avoid third-party app stores, and
refrain from downloading APKs.
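The two checks above (which apps hold Accessibility Services, and where each app was installed from) can be combined into one audit. The script below is an added example, not part of the original article or of ThreatFabric's report; it parses the text output of two adb commands, and the sample output and package names in it are constructed for illustration.

```python
"""Flag sideloaded apps that hold an enabled Accessibility Service.

Inputs are the text output of two adb commands run against a device:
  adb shell settings get secure enabled_accessibility_services
  adb shell pm list packages -3 -i     (-3 = user-installed apps only)
"""
import re

PLAY_STORE = "com.android.vending"
PM_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)")

def parse_accessibility(settings_output):
    """Return the packages that own an enabled accessibility service."""
    text = settings_output.strip()
    if not text or text == "null":       # nothing enabled
        return set()
    # Value is a colon-separated list of components: package/ServiceClass
    return {comp.split("/", 1)[0] for comp in text.split(":") if comp}

def parse_installers(pm_output):
    """Map each user-installed package to its installer (None if unknown)."""
    installers = {}
    for line in pm_output.splitlines():
        match = PM_LINE.match(line.strip())
        if match:
            pkg, source = match.groups()
            installers[pkg] = None if source == "null" else source
    return installers

def flag_sideloaded_accessibility(settings_output, pm_output):
    """User-installed packages with an accessibility service, not from Play."""
    installers = parse_installers(pm_output)
    # Packages missing from the -3 listing are preinstalled and are skipped.
    return sorted(pkg for pkg in parse_accessibility(settings_output)
                  if pkg in installers and installers[pkg] != PLAY_STORE)

# Constructed sample output; the com.example.* packages are made up.
SAMPLE_SETTINGS = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.reader/.ReadAloudService:"
                   "com.example.update/com.example.update.UpdateService")
SAMPLE_PM = """\
package:com.example.reader  installer=com.android.vending
package:com.example.update  installer=null
"""

if __name__ == "__main__":
    print(flag_sideloaded_accessibility(SAMPLE_SETTINGS, SAMPLE_PM))
```

A flagged package is a prompt to review that app in Settings, not proof of infection; legitimate sideloaded accessibility tools will appear in the list too.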
Keeping Your Android Device Safe
Hopefully, BlackRock malware will never hit
the Google Play Store. There’s really no telling if the actors behind BlackRock
malware can find a loophole in Google’s security policies, but if they succeed,
BlackRock malware could accrue a substantial number of victims.
If BlackRock ever does get onto the Google
Play Store, it wouldn’t be too surprising. After all, several apps containing
Joker malware still managed to make their way onto the Google Play Store despite
Google’s strict security protocols.
P. Karthikeyan
21UCA021
Notified about BLACKROCK MALWARE
Awesome
Nice👌