A malware called as “BlackRock” is roaming around the Android space, stealing sensitive user information such as passwords and credit card details. At least 337 applications are affected by the cybersecurity issue including popular ones like Amazon, Gmail, Netflix, Uber, etc.
BlackRock is simply described to have the behavior of any other malware and is derived from pre-existing malware code of Xerxes, which, in turn, is also extracted from previous codes.
Essentially an improvement over the malware algorithm it derives from, the newly-identified malicious software features better stealing capability involving user-sensitive data.
As per the report, the malware works by illicitly taking a victim’s username and password and then prompting said user to revealing their credit card information.
That’s a method called “overlays” which detects an interaction between the user and a legit application and then interjecting a fake window that asks for user’s payment credit card details. The maneuver often catches the victim off-guard thinking that the prompt came from a legitimate source e.g. the app being used.
Affected devices would see entry of the malware initially with an asking permission to access the phone’s ‘Accessibility’ feature, only to subsequently bypass or illicitly grant itself access to other Android permissions.
The malware was discovered by mobile security firm, ThreatFabric. According to their research, the malware is also capable of other functions, which include:
- Anticipating SMS messages
- SMS bombing or flooding
- Spam contacts with specified SMS
- Run specific applications
- Display custom push notifications
- Botch mobile antivirus capability