A new Android malware strain has been recently discovered to have propagated in more than 337 apps hosted on third-party app stores.
Despite Google’s efforts to free its platform from harmful Android malware, malicious users are still able to find ways in. The new malware is called BlackRock, and it is reported to have infected 337 apps. All of these apps are hosted on third-party app stores.
How BlackRock attacks
According to ZDNet, the BlackRock malware was first discovered by cybersecurity firm ThreatFabric. The malware is not exactly a new one. In fact, it is a modified version of the Xerxes malware, which itself is a strain of the LokiBot Trojan.
Security measures already exist to block this type of malware. However, what is frightening is the massive scope of attack possibilities that BlackRock possesses.
New BlackRock Android malware can steal passwords and card data from 337 apps.
— Black Hat Ethical Hacking (@secur1ty1samyth) July 16, 2020
The malware is reportedly able to embed itself in 337 apps. Once inside its target’s system, the malware can steal sensitive user data and information stored on the device. The malware simply hides in the background and activates itself once its target app is opened by the user.
Like most Android malware, BlackRock utilizes social engineering to gain root access to its target device. It can gain root access when the user gives it Accessibility Service privileges during the installation process.
The silver lining to this issue is that BlackRock has yet to reach the official Google Play Store. Initial investigations reveal that it propagates by disguising itself as a fake Google Update from third-party app stores.
In a statement, ThreatFabric describes how the malware operates:
“Once the user grants the requested Accessibility Service privilege, BlackRock starts by granting itself additional permissions.”
Once inside the target’s system, the malware can deploy keyloggers and harvest SMS messages. This is worrisome since most two-factor authentication systems use the SMS protocol for security. The malware’s first targets are financial and banking apps.
Defense against the Android malware
Experts note that the best defense against this new type of Android malware is vigilance. The malware has yet to infiltrate the official Google Play Store, so it is still a relatively non-critical threat. However, due to its nature and design, the malware is expected to find its way there.
To avoid getting infected by this new Android malware, it is best to download apps only from the Google Play Store. Third-party app stores are usually riddled with malware and other malicious apps. Using antivirus and malware detection software is also highly advisable.
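The two traits described above (installation from outside Google Play and an enabled Accessibility Service) can be checked together on a device you manage. The following Python is an added example, not code from ThreatFabric or the original article; it parses the output of `adb shell pm list packages -i` and `adb shell settings get secure enabled_accessibility_services`, and the package names and sample output are constructed for illustration.

```python
"""Flag apps that hold an enabled Accessibility Service but did not come from Google Play."""
import re

PLAY_STORE = "com.android.vending"  # installer id recorded for Google Play installs

def parse_installers(pm_output):
    """Parse `pm list packages -i` lines into {package: installer or None}."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            pkg, inst = m.groups()
            installers[pkg] = None if inst == "null" else inst
    return installers

def parse_accessibility(setting_value):
    """Parse the colon-separated component list into a set of package names."""
    value = setting_value.strip()
    if value in ("", "null"):  # nothing enabled
        return set()
    # Each entry is "package/service.class"; keep only the package part.
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def flag_sideloaded_accessibility(pm_output, setting_value, trusted=(PLAY_STORE,)):
    """Return sorted (package, installer) pairs that hold an accessibility
    service but were not installed by a trusted store."""
    installers = parse_installers(pm_output)
    flagged = []
    for pkg in parse_accessibility(setting_value):
        installer = installers.get(pkg)  # None if unknown or sideloaded
        if installer not in trusted:
            flagged.append((pkg, installer))
    return sorted(flagged, key=lambda item: item[0])

# Constructed sample output; all package names below are made up.
SAMPLE_PM = """\
package:com.example.bank  installer=com.android.vending
package:com.example.screenreader  installer=com.android.vending
package:com.example.fakeupdate  installer=null
package:com.example.game  installer=com.thirdparty.store
"""
SAMPLE_A11Y = ("com.example.screenreader/com.example.screenreader.ReaderService:"
               "com.example.fakeupdate/com.example.fakeupdate.UpdateService")

if __name__ == "__main__":
    for pkg, installer in flag_sideloaded_accessibility(SAMPLE_PM, SAMPLE_A11Y):
        print(f"REVIEW {pkg}: accessibility service enabled, installer={installer}")
```

Preinstalled system packages also report no installer, so compare any hit against `adb shell pm list packages -s` before treating it as suspicious.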