Cybersecurity experts recently reported a new strain of Android malware that appears to infect legitimate apps.
The new Android malware is called BlackRock, and it is expected to be more damaging than the Joker malware. The two strains appear to be related to each other since they exploit the same Android vulnerabilities.
A new attack vector
Unlike most Android malware that directly attacks their target, BlackRock embeds itself into legitimate apps. This particular strategy makes malware more potent since it can surreptitiously hide. As of this writing, at least 337 legitimate apps were reportedly being targeted by the malware.
Reports claim that the malware targeted top Android apps like PayPal, Uber, Telegram, Skype, Facebook, and Gmail. This is especially worrisome since these are some of the most popular and most used apps on the Android platform.
Android users should beware from BlackRock Malware. Malware which infected netflix and other banking related apps to steal your users banking details. 👇👇👇👇https://t.co/QSMWA4UgcD#android #malware #BlackRock pic.twitter.com/gqUedcZT1h
— Suggestion Buddy (@BuddySuggestion) July 20, 2020
What makes this new malware extremely dangerous is its simplicity. Instead of finding new vulnerabilities to exploit, it simply focuses on stealing user information. It builds on the core attack strategy of its predecessors, like the LokiBot and Parasite Trojans.
One of the many options to get rid of the malware is to delete the infected app. However, for many users, these apps are what they regularly use, so deleting them is not an option. Moreover, seeking an alternative app will take a lot of time and resources.
How to prevent infection
Despite the danger that this new Android malware poses to users, cybersecurity experts are still optimistic about its spread. It appears that the malware has yet to infiltrate the official Google App Store. Instead, it relies on third-party app stores to deliver its altered version of legitimate apps.
This means that preventing infection is still easy. All users have to do is refrain from downloading apps on third-party app stores. Installing reliable antivirus software on a device is also a good defense option.
Experts believe that being aware and vigilant is still the best defense against this malware. Most of these malware relies on social engineering to lure their target into installing them into a device. Relying solely on legitimate platforms like Google Play Store will prevent this from happening.
Experts said that the worst scenario here is when the malware gets its way into Google Play Store. Malicious users continue to churn out Android malware almost on a daily scale. While some malware gets complex by the day, some still rely on old methods to deliver their payload.
Image courtesy of Christian Wiediger/Unsplash