Analysts Detect New Bank Malware

A new strain of very sophisticated banking malware that can hide as a genuine app and spy on the system has been dubbed BlackRock has been found by detection researchers at ThreatFabric. An investigation into its origins has revealed BlackRock to be derived from the Xerxes banking malware. The source code of the Xerxes malware was made public by its author around May 2019, consequently rendering it useless any threat actor to use in that form. 

BlackRock isn’t entirely new malware as it is based on the leaked source code of the Xeres malware, itself derived from malware called LokiBot. The big difference between BlackRock and other Android banking Trojans is that it can target more apps than previous malwares.

This malevolent malware steals credentials not only from banking apps but also from other apps designed to facilitate communication, shopping and business. In total, the team found 337 Android apps were impacted, including dating, social networking and cryptocurrency apps. 

ThreatFabric researchers think that the malware's creators are attempting to exploit the increase in online socializing brought about by the outbreak of COVID-19. “Technical aspects aside, one of the interesting differentiators of BlackRock is its target list; it contains an important number of social, networking, communication and dating applications.....  It therefore seems that the actors behind BlackRock are trying to abuse the growth in online socializing that increased rapidly in the last months due to the pandemic situation.”

BlackRock was first spotted back in May 2020. When the malware is first launched on a device, its icon is concealed from the app drawer, making it invisible to the end user. The malware then asks the victim for the Accessibility Service privileges, often posing as a Google update. 

Once this privilege is granted, BlackRock grants itself additional permissions required to fully function without having to interact any further with the victim. At this point, the bot is ready to receive commands from the command-and-control server and execute overlay attacks.

But BlackRock isn’t limited to online banking apps and targets general purpose apps across numerous other categories, including Business, Communication, Dating, Entertainment, Lifestyle, Music, News and other App based tools. 

 ThreatFabric:         CyWare:       Indian Express:       Infosecurity Magazine

You Might Also Read: 

Attacks On Financial Services Are  Increasingly Sophisticated:

 

« Cyber Security – Not Just For Data Protection
The Risk Of AI Being Used For Offensive Purposes »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ITpreneurs

ITpreneurs

ITpreneurs provides IT training content, Instructors, Learning Infrastructure and services to IT Training providers.

DMH Stallard

DMH Stallard

DMH Stallard is a mid-market law firm. Areas of expertise include cyber security and cyber crime.

TestFort

TestFort

TestFort QA Lab is a specialized software testing company offering independent quality assurance and software testing services.

Secure360

Secure360

Secure360 focuses on the following key areas: governance, risk and compliance, information security, physical security, business continuity management, and professional development.

Sucuri

Sucuri

Sucuri have offered holistic website security solutions since 2008 including malware removal, malware monitoring and website protection services.

AllClear ID

AllClear ID

AllClear ID provides products and services that help protect people and their personal information from threats related to identity theft.

VerifyMe

VerifyMe

VerifyMe is a global technology solutions company delivering brand protection offerings to mitigate counterfeiting, product diversion, and illicit trade.

ThreatBook

ThreatBook

ThreatBook is dedicated to providing real-time, accurate and actionable threat intelligence to block, detect and prevent attacks.

Computer Forensics Consult (CFC)

Computer Forensics Consult (CFC)

Computer Forensics Consult provides disaster recovery, computer forensics, electronic discovery and litigation support services in the growing area of Cyber Security.

HorizonIQ

HorizonIQ

HorizonIQ (formerly Internap Corp / INAP) maximizes efficiency and innovation with flexible infrastructure solutions.

Kainos

Kainos

Kainos is a leading provider of Digital Services and Platforms. Our services include Digital Transformation, Cyber Security, Cloud, AI, IoT and more.

DataFleets

DataFleets

DataFleets is a privacy-preserving data engine that unifies distributed data for rapid access, agile analytics, and automated compliance.

Valency Networks

Valency Networks

Valency Networks provide cutting edge results in the areas of Vulnerability Assessment and Penetration Testing services for webapps, cloud apps, mobile apps and IT networks.

Anonomatic

Anonomatic

Anonomatic’s mission is to make data privacy secure, simple and cost effective. We are Data and Privacy Experts who are passionate about helping organizations solve PII compliance.

NetRise

NetRise

NetRise was founded as a direct result of the many shortcomings currently in the device security market, specifically targeting the firmware of devices.

Cyber Explorers

Cyber Explorers

Cyber Explorers is a fun, free and interactive learning platform for future digital superstars. An exciting addition to UK curriculum delivery or after school activities.