New Android malware on the prowl can steal your banking data from 337 apps; here’s how to stay safe

BlackRock is an “enhanced” version of Xerxes that can target more apps, 337 to be precise, making it one of the most dangerous pieces of Android malware we’ve seen to date.

Security researchers at mobile security firm ThreatFabric have unearthed a new Android malware called BlackRock that has the potential to steal your personal data from over 300 apps. Researchers say BlackRock is an “enhanced” version of another Android malware called Xerxes. The enhancements let it target more apps, 337 to be precise, ranging from financial to social media, and from dating to lifestyle and productivity apps, while it works on the same core principle as any other banking trojan. That reach is what makes BlackRock one of the most dangerous pieces of Android malware we’ve seen to date.

Like most trojans, BlackRock can steal your login credentials, including your username and password, but it can also trick users into sharing their credit or debit card details if the infected app allows for monetary transactions. The malware springs into action every time a user tries to interact with a legitimate (though infected) app, setting up an initial fake window designed to collect their personal data even before they’ve entered the app in question. This technique is called an “overlay.”

The malware can do all of this by taking control of Android’s Accessibility feature, something that it does the moment it is installed on a phone through one of the 337 apps. Once it gets that control, the malware can basically give itself admin access to a phone, letting it perform a wide range of automated tasks, including intercepting SMS messages, logging key taps and spamming contacts with predefined messages.

Clearly, BlackRock is as dangerous as malware gets, even more so in some cases. The only silver lining, for now, is that it hasn’t made its way to the Google Play Store just yet. Rather, it is being distributed via third-party websites that offer fake Google update packages. That means if you’re in the habit of downloading and installing updates for your Android apps from third-party websites, you should stop doing that now.

This article was first uploaded on July seventeen, twenty twenty, at sixteen minutes past one in the afternoon.