Analysts Detect New Bank Malware

Uploaded on 2020-08-06 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

A new strain of very sophisticated banking malware that can hide as a genuine app and spy on the system has been dubbed BlackRock has been found by detection researchers at ThreatFabric. An investigation into its origins has revealed BlackRock to be derived from the Xerxes banking malware. The source code of the Xerxes malware was made public by its author around May 2019, consequently rendering it useless any threat actor to use in that form. 

BlackRock isn’t entirely new malware as it is based on the leaked source code of the Xeres malware, itself derived from malware called LokiBot. The big difference between BlackRock and other Android banking Trojans is that it can target more apps than previous malwares.

This malevolent malware steals credentials not only from banking apps but also from other apps designed to facilitate communication, shopping and business. In total, the team found 337 Android apps were impacted, including dating, social networking and cryptocurrency apps. 

ThreatFabric researchers think that the malware's creators are attempting to exploit the increase in online socializing brought about by the outbreak of COVID-19. “Technical aspects aside, one of the interesting differentiators of BlackRock is its target list; it contains an important number of social, networking, communication and dating applications.....  It therefore seems that the actors behind BlackRock are trying to abuse the growth in online socializing that increased rapidly in the last months due to the pandemic situation.”

BlackRock was first spotted back in May 2020. When the malware is first launched on a device, its icon is concealed from the app drawer, making it invisible to the end user. The malware then asks the victim for the Accessibility Service privileges, often posing as a Google update. 

Once this privilege is granted, BlackRock grants itself additional permissions required to fully function without having to interact any further with the victim. At this point, the bot is ready to receive commands from the command-and-control server and execute overlay attacks.

But BlackRock isn’t limited to online banking apps and targets general purpose apps across numerous other categories, including Business, Communication, Dating, Entertainment, Lifestyle, Music, News and other App based tools. 

 ThreatFabric:         CyWare:       Indian Express:       Infosecurity Magazine

You Might Also Read: 

Attacks On Financial Services Are  Increasingly Sophisticated:

 

« Cyber Security – Not Just For Data Protection
The Risk Of AI Being Used For Offensive Purposes »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Redscan Cyber Security

Redscan Cyber Security

Redscan Cyber Security is a Managed Security Services Provider (MSSP) that enables businesses to effectively manage their information security risks.

TWNCERT

TWNCERT

TWNCERT is the National Computer Emergency Response Team of Taiwan.

Backup112

Backup112

Backup112 has been delivering professional cloud backup services since 2004.

Aiuken Cybersecurity

Aiuken Cybersecurity

Aiuken is an international IT Security company, focused on communications and IT technologies, specialised in Security and Cloud Services solutions with high added value.

Hysolate

Hysolate

Hysolate has transformed the endpoint, making it the secure and productive environment it was meant to be.

Tesorion

Tesorion

Tesorion is a fusion of different enterprises each with its own specialisation in the field of cybersecurity. We have combined these specialisations to create an integrated comprehensive solution.

At-Bay

At-Bay

At-Bay offer an end-to-end solution to cyber risk with comprehensive risk assessment, a tailored cyber insurance policy and year-long, active, risk-management service.

Intrinium

Intrinium

Intrinium is an Information Technology and Security Solutions company, providing comprehensive consulting and managed services to businesses of all sizes.

Qascom

Qascom

Qascom is an engineering company offering security solutions in satellite navigation and space cybersecurity. We are one of the European key players in GNSS authentication and security.

Institute for Pervasive Cybersecurity - Boise State University

Institute for Pervasive Cybersecurity - Boise State University

Boise State University’s Institute for Pervasive Cybersecurity is a leader of innovative cybersecurity research and advancement in Idaho and the region.

Cyber Coaching

Cyber Coaching

Cyber Coaching is a community for enhancing technical cyber skills, through unofficial certification training, cyber mentorship, and personalised occupational transition programs.

PROW Information Technology

PROW Information Technology

PROW is at the forefront of the technology and digital revolution with a focus and mastery in the cybersecurity, information security and data management realms.

MyKRIS Asia

MyKRIS Asia

MyKRIS specialise in providing and managing Internet network services and cyber security services to enterprises.

NextGen Cyber Talent

NextGen Cyber Talent

NextGen Cyber Talent is a non-profit providing a platform to increase diversity and inclusion in the cybersecurity industry.

Netsurit

Netsurit

Managed IT, Cloud, and Security Services. Netsurit is Your IT Innovation and Digital Transformation Accelerator.

Closed Door Security

Closed Door Security

Closed Door Security is the only cybersecurity team in the north of Scotland offering everything from IASME Certification to CREST-Accredited penetration testing.