Analysts Detect New Bank Malware

Uploaded on 2020-08-06 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

A new strain of very sophisticated banking malware that can hide as a genuine app and spy on the system has been dubbed BlackRock has been found by detection researchers at ThreatFabric. An investigation into its origins has revealed BlackRock to be derived from the Xerxes banking malware. The source code of the Xerxes malware was made public by its author around May 2019, consequently rendering it useless any threat actor to use in that form. 

BlackRock isn’t entirely new malware as it is based on the leaked source code of the Xeres malware, itself derived from malware called LokiBot. The big difference between BlackRock and other Android banking Trojans is that it can target more apps than previous malwares.

This malevolent malware steals credentials not only from banking apps but also from other apps designed to facilitate communication, shopping and business. In total, the team found 337 Android apps were impacted, including dating, social networking and cryptocurrency apps. 

ThreatFabric researchers think that the malware's creators are attempting to exploit the increase in online socializing brought about by the outbreak of COVID-19. “Technical aspects aside, one of the interesting differentiators of BlackRock is its target list; it contains an important number of social, networking, communication and dating applications.....  It therefore seems that the actors behind BlackRock are trying to abuse the growth in online socializing that increased rapidly in the last months due to the pandemic situation.”

BlackRock was first spotted back in May 2020. When the malware is first launched on a device, its icon is concealed from the app drawer, making it invisible to the end user. The malware then asks the victim for the Accessibility Service privileges, often posing as a Google update. 

Once this privilege is granted, BlackRock grants itself additional permissions required to fully function without having to interact any further with the victim. At this point, the bot is ready to receive commands from the command-and-control server and execute overlay attacks.

But BlackRock isn’t limited to online banking apps and targets general purpose apps across numerous other categories, including Business, Communication, Dating, Entertainment, Lifestyle, Music, News and other App based tools. 

 ThreatFabric:         CyWare:       Indian Express:       Infosecurity Magazine

You Might Also Read: 

Attacks On Financial Services Are  Increasingly Sophisticated:

 

« Cyber Security – Not Just For Data Protection
The Risk Of AI Being Used For Offensive Purposes »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Ascentor

Ascentor

Ascentor specialises in independent information and cyber security consultancy. We’re experienced industry experts, providing cyber security services since 2004.

SSL247

SSL247

SSL247 is Europe's leading Web Security Consultancy Firm. We enjoy long-standing partnerships with Certificate Authorities including Symantec, GlobalSign, Entrust Datacard, Comodo, Thales and Qualys.

ThreatConnect

ThreatConnect

ThreatConnect is an enterprise threat intelligence platform by Cyber Squared bridging incident response, defense, and threat analysis for InfoSec & DFIR teams.

European Cybercrime Training and Education Group (ECTEG)

European Cybercrime Training and Education Group (ECTEG)

The primary aim of ECTEG is to enhance the coordination of cybercrime training, by identifying opportunities to build the capacity of countries to combat cybercrime

Subgraph

Subgraph

Subgraph is an open source security company, committed to making secure and usable open source computing available to everyone.

Volatility Foundation

Volatility Foundation

Volatility is an open source memory forensics framework for incident response and malware analysis.

CICRA

CICRA

CICRA is Sri Lanka's pioneering cyber security training and consultancy provider.

Information & eGovernment Authority (iGA) - Bahrain

Information & eGovernment Authority (iGA) - Bahrain

The Information & eGovernment Authority facilitates many services catering to different parts of the community within the IT sector in Bahrain including information security.

ForAllSecure

ForAllSecure

ForAllSecure’s mission is to make the world’s software safe by pioneering autonomous cybersecurity tools that automatically find and fix vulnerabilities in run-time executable software.

ThreatReady Resources

ThreatReady Resources

ThreatReady reduces an organization’s risk by delivering cyber security awareness training based on the latest, state-of-the-art learning science to effectively drive long-term cyber-safe behavior.

Venkon

Venkon

Venkon provides effective and unique solutions to cyber-security threats and IT compliance requirements of your organization.

OnSecurity

OnSecurity

OnSecurity replaces the overhead of traditional penetration testing firms with a simple online interface, making it easy to book tests as and when needed.

Patriot Consulting Technology Group

Patriot Consulting Technology Group

Patriot Consulting's mission is to help our clients manage cybersecurity risk through secure deployments of Microsoft 365.

Assured Clarity

Assured Clarity

Assured Clarity are a global consultancy, specialising in Risk Management and Data Privacy, through Education, Awareness and Training, throughout an organisation.

Information Security Society of Africa – Nigeria (ISSAN)

Information Security Society of Africa – Nigeria (ISSAN)

The Information Security Society of Africa – Nigeria (ISSAN) is a not-for-profit organization dedicated to the protection of Nigeria’s cyberspace.

Fortress SRM

Fortress SRM

Fortress SRM protects companies from the financial, operational, and emotional trauma of cybercrime by improving the security performance of its people, processes, and technology.