To avoid the trap of the malware, the agency has advised users to not download any unknown updates from fishy and shady sources.
Cyber security forces in the country have forewarned about an Android malware termed ‘BlackRock’ which has the potential to harm the banking data and steal other sensitive information from the users. The malware can find its way to the sensitive data via 300 common mobile applications such as email, e-commerce apps, and social media applications among others. The Computer Emergency Response Team of India (CERT-In), an agency which secures the country’ cyber space from different types of attacks, has said that the campaign of the malware is already active across the globe and may have entered the Indian cyberspace.
The advisory issued by the agency said that the malware dubbed BlackRock which has data stealing capabilities, has been reported to be attacking a wide range of Android phone applications. It also said that the malware was reportedly developed using the source code of Xerxes banking malware which is also a variant of LokiBot Android trojan. What appears to be the biggest danger from this malware is the range of applications it is capable of getting access to which includes over 300 banking, non banking, entertainment, social media and communication applications, the advisory further said.
In order to forewarn the users who could come into the trap of the malware, the advisory also detailed the whole process of the malware infecting the device. The advisory said that after entering the device, the malware would hide its icon app from the app drawer and then appear in the form of a fake Google update requesting access to different areas of the device. The advisory went on to add that once the initial permission/privilege has been granted to the malware, it becomes capable of getting other permissions to access all other areas of the phone on its own. The advisory also said that the malware could prove very deadly to the users as it also has the potential to deflect the radar of various malware detecting apps and anti-viruses.
In order to avoid the trap of the malware, the agency has advised users to not download any unknown updates from fishy and shady sources. Refraining the download from any untrusted sources along with using only well recognised applications could also lessen the chances of the malware gaining entry in the devices, it said. For analysing the trustworthiness and recognisability of any applications, users can check the number of downloads, user reviews, and additional information section. Users should also be mindful of using unsecured wifi networks and other internet connections as they could also pose a threat to their devices.