• Android malware has often found its ways to bypass Google’s app review process. One of the well-known examples is Joker malware.

• A new Android malware has been discovered that steals data such as password and credit card details from 337 apps including some of the popular ones like Gmail, Amazon, Netflix, Uber, and more.

• The malware that goes by the name BlackRock comes with data theft capabilities, a report from ZDNet stated. The publication was the first to report about malware and discovered by mobile security firm ThreatFabric.

How does BlackRock steal user details?

• BlackRock malware functions just like any other Android malware. According to researchers at ThreatFabric, the BlackRock malware is based on the leaked source code of another malware strain Xerxes which in turn is based on other malware strains. The new malware is enhanced with more features related to stealing passwords and credit card details.

• The report suggests that the malware steals login credentials including username and passwords) and sends prompt to users to enter payment credit card details.

• The trojan collects data through a technique called “overlays”. It basically detects when a user interacts with a legitimate app and places a fake window on top that asks for login and credit card details before the user enters the actual app.

• ThreatFabric researchers say BlackRock overlays happen towards phishing financial, social media, communications, dating, news, shopping, lifestyle, and productivity apps.

• Once the app is installed on a smartphone, the trojan first asks the user to grant access to the phone’s Accessibility feature.

• It then users the Accessibility feature to grant itself access to other Android permissions. Then uses an Android DPC for access to admin. The malware then uses this access to display overlays to collect user credentials and credit card details.

Intrusive operations:

• Intercept SMS messages

• Perform SMS floods

• Spam contacts with predefined SMS

• Start specific apps

• Log key taps (keylogger functionality)

• Show custom push notifications

• Sabotage mobile antivirus apps, and more

Way ahead:

• The report states that BlackRock is distributed as fake Google update packages offered on third-party websites and has not been spotted on Google Play Store yet.