This is an archive article published on July 19, 2020

Explained: What is BlackRock Android malware? Are you vulnerable?

BlackRock isn’t limited to online banking apps and targets general purpose apps across various categories of Books & Reference, Business, Communication, Dating, Entertainment, Lifestyle, Music & Audio, News & Magazine, Tools, and Video Players & Editors


Security firm ThreatFabric has warned of a new malware, called BlackRock, which can steal information such as passwords and credit card details from about 377 smartphone applications, including Amazon, Facebook, Gmail and Tinder. Since these are very popular apps, the threat posed by the BlackRock Android malware is quite high.

What is BlackRock Android malware?

BlackRock isn’t exactly a new malware. In fact, it is based on the leaked source code of the Xerxes malware, itself derived from malware called LokiBot. The only big difference between BlackRock and other Android banking trojans is that it can target more apps than previous malware.

How does BlackRock Android malware work?

BlackRock works like most Android malware. Once installed on a phone, it monitors the targeted app. When the user enters the login and/or credit card details, the malware sends the information to a server. BlackRock uses the phone’s Accessibility feature, and then uses an Android DPC (device policy controller) to provide access to other permissions.


When the malware is first launched on the device, it hides its icon from the app drawer, making it invisible to the end-user. It then asks for accessibility service privileges. Once this privilege is granted, BlackRock grants itself additional permissions required to fully function without having to interact any further with the victim. At this point, the bot is ready to receive commands from the command-and-control server and execute overlay attacks.
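
A defender-side check for the behaviour described above, added here as an example and not taken from ThreatFabric or this article: it lists enabled accessibility services that belong to third-party apps not installed by the Play Store. It parses the output of two adb commands (`settings get secure enabled_accessibility_services` and `pm list packages -3 -i`); the package names in the sample data are constructed.

```python
import subprocess

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

# Constructed sample output (hypothetical package names), in the format of
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i
SAMPLE_SERVICES = ("com.example.fakeupdate/com.example.fakeupdate.UpdateService:"
                   "com.example.screenreader/.ReaderService")
SAMPLE_PACKAGES = ("package:com.example.fakeupdate  installer=null\n"
                   "package:com.example.screenreader  installer=com.android.vending\n")

def parse_enabled_services(raw):
    """Split the colon-separated 'package/service' list; 'null' means none."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    return [tuple(c.split("/", 1)) for c in raw.split(":") if "/" in c]

def parse_installers(raw):
    """Map each third-party package to its installer (None if none recorded)."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().removeprefix("package:").split()
        if not fields:
            continue
        value = next((f.split("=", 1)[1] for f in fields[1:]
                      if f.startswith("installer=")), "null")
        installers[fields[0]] = None if value == "null" else value
    return installers

def sideloaded_accessibility_services(services_raw, packages_raw):
    """Return (package, service, installer) for enabled accessibility
    services owned by third-party apps that did not come from a trusted store."""
    installers = parse_installers(packages_raw)
    return [(pkg, svc, installers[pkg])
            for pkg, svc in parse_enabled_services(services_raw)
            if pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS]

def adb_shell(*args):
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

if __name__ == "__main__":
    print("sample:", sideloaded_accessibility_services(SAMPLE_SERVICES, SAMPLE_PACKAGES))
    # On a connected device (USB debugging enabled):
    # print(sideloaded_accessibility_services(
    #     adb_shell("settings", "get", "secure", "enabled_accessibility_services"),
    #     adb_shell("pm", "list", "packages", "-3", "-i")))
```

An app that hides its launcher icon still shows up here, because the check reads system settings rather than the app drawer.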


But BlackRock isn’t limited to online banking apps and targets general purpose apps across various categories of Books & Reference, Business, Communication, Dating, Entertainment, Lifestyle, Music & Audio, News & Magazine, Tools, and Video Players & Editors.

The researchers noted that BlackRock steals credentials such as usernames and passwords from 226 apps, including PayPal, Amazon, eBay, Gmail, Google Pay, Uber, Yahoo Mail and Netflix, among others. In addition, the malware steals credit-card numbers from an additional 111 apps, including Facebook Messenger, Google Hangouts, Instagram, PlayStation, Reddit, Skype, TikTok, Twitter, WhatsApp and YouTube.


ThreatFabric says the malware can be used to send and steal SMS messages, hide notifications, log keystrokes, perform AV detection, and much more.


BlackRock Android malware makes Antivirus apps useless

The new malware is so powerful that it makes antivirus applications useless. “The Trojan will redirect the victim to the HOME screen of the device if the victim tries to start or use antivirus software as per a specific list including Avast, AVG, Bitdefender, ESET, Symantec, Trend Micro, Kaspersky, McAfee, Avira, and even applications to clean Android devices, such as TotalCommander, SD Maid or Superb Cleaner,” ThreatFabric explains in its blog.

How to protect your phone from BlackRock Android malware?


Right now, the trojan is yet to be spotted on the Google Play Store and is distributed as a fake Google Update on third-party stores. Your best bet is to download apps only from the Google Play Store, use strong passwords, beware of spam and phishing emails, use an antivirus app if possible, and check app permissions. A patch could be on the way.

Anuj Bhatia is a personal technology writer at indianexpress.com who has been covering smartphones, personal computers, gaming, apps, and lifestyle tech actively since 2011. He specialises in writing longer-form feature articles and explainers on trending tech topics. His unique interests encompass delving into vintage tech, retro gaming and composing in-depth narratives on the intersection of history, technology, and popular culture. He covers major international tech conferences and product launches from the world's biggest and most valuable tech brands including Apple, Google and others. At the same time, he also extensively covers indie, home-grown tech startups. Prior to joining The Indian Express in late 2016, he served as a senior tech writer at My Mobile magazine and previously held roles as a reviewer and tech writer at Gizbot. Anuj holds a postgraduate degree from Banaras Hindu University. Email: anuj.bhatia@indianexpress.com
