New Android malware infects hundreds of legitimate apps

Cybersecurity experts recently reported a new strain of Android malware that appears to infect legitimate apps.

The new Android malware is called BlackRock, and it is expected to be more damaging than the Joker malware. The two strains appear to be related to each other since they exploit the same Android vulnerabilities.

A new attack vector

Unlike most Android malware that directly attacks their target, BlackRock embeds itself into legitimate apps. This particular strategy makes malware more potent since it can surreptitiously hide. As of this writing, at least 337 legitimate apps were reportedly being targeted by the malware.

Reports claim that the malware targeted top Android apps like PayPal, Uber, Telegram, Skype, Facebook, and Gmail. This is especially worrisome since these are some of the most popular and most used apps on the Android platform.

What makes this new malware extremely dangerous is its simplicity. Instead of finding new vulnerabilities to exploit, it simply focuses on stealing user information. It builds on the core attack strategy of its predecessors, like the LokiBot and Parasite Trojans.

One of the many options to get rid of the malware is to delete the infected app. However, for many users, these apps are what they regularly use, so deleting them is not an option. Moreover, seeking an alternative app will take a lot of time and resources.

How to prevent infection

Despite the danger that this new Android malware poses to users, cybersecurity experts are still optimistic about its spread. It appears that the malware has yet to infiltrate the official Google App Store. Instead, it relies on third-party app stores to deliver its altered version of legitimate apps.

This means that preventing infection is still easy. All users have to do is refrain from downloading apps on third-party app stores. Installing reliable antivirus software on a device is also a good defense option.

Experts believe that being aware and vigilant is still the best defense against this malware. Most of these malware relies on social engineering to lure their target into installing them into a device. Relying solely on legitimate platforms like Google Play Store will prevent this from happening.

Experts said that the worst scenario here is when the malware gets its way into Google Play Store. Malicious users continue to churn out Android malware almost on a daily scale. While some malware gets complex by the day, some still rely on old methods to deliver their payload.

Image courtesy of Christian Wiediger/Unsplash

Micky is a news site and does not provide trading, investing, or other financial advice. By using this website, you affirm that you have read and agree to abide by our Terms and Conditions.
Micky readers - you can get a 10% discount on trading fees on FTX and Binance when you sign up using the links above.