Analysts Detect New Bank Malware
A new strain of very sophisticated banking malware that can hide as a genuine app and spy on the system has been dubbed BlackRock has been found by detection researchers at ThreatFabric. An investigation into its origins has revealed BlackRock to be derived from the Xerxes banking malware. The source code of the Xerxes malware was made public by its author around May 2019, consequently rendering it useless any threat actor to use in that form.
BlackRock isn’t entirely new malware as it is based on the leaked source code of the Xeres malware, itself derived from malware called LokiBot. The big difference between BlackRock and other Android banking Trojans is that it can target more apps than previous malwares.
This malevolent malware steals credentials not only from banking apps but also from other apps designed to facilitate communication, shopping and business. In total, the team found 337 Android apps were impacted, including dating, social networking and cryptocurrency apps.
ThreatFabric researchers think that the malware's creators are attempting to exploit the increase in online socializing brought about by the outbreak of COVID-19. “Technical aspects aside, one of the interesting differentiators of BlackRock is its target list; it contains an important number of social, networking, communication and dating applications..... It therefore seems that the actors behind BlackRock are trying to abuse the growth in online socializing that increased rapidly in the last months due to the pandemic situation.”
BlackRock was first spotted back in May 2020. When the malware is first launched on a device, its icon is concealed from the app drawer, making it invisible to the end user. The malware then asks the victim for the Accessibility Service privileges, often posing as a Google update.
Once this privilege is granted, BlackRock grants itself additional permissions required to fully function without having to interact any further with the victim. At this point, the bot is ready to receive commands from the command-and-control server and execute overlay attacks.
But BlackRock isn’t limited to online banking apps and targets general purpose apps across numerous other categories, including Business, Communication, Dating, Entertainment, Lifestyle, Music, News and other App based tools.
ThreatFabric: CyWare: Indian Express: Infosecurity Magazine:
You Might Also Read:
Attacks On Financial Services Are Increasingly Sophisticated: