Recently, India’s Computer Response Team (CERT-In) found vital information on malware called BlackRock, which allegedly targets Android devices to steal crucial user information by hacking into the phone’s apps.
According to an alert issued by CERT-In, the malware can extract confidential user information by gaining access to apps such as email clients, banking apps, social media apps, and e-commerce apps.
Warning of a Large-Scale Phishing Scam
While the malware has been spotted by CERT-In, India’s national security arm against cyberattacks and cyberthreats, the team has stated that the malware is active globally and that, therefore, any citizen or business firm across the globe can be affected by it.
CERT-In officials have clarified that there are 337 applications on BlackRock’s target list, which includes basic communication and social networking apps used widely all over the world.
How Is BlackRock Getting in Android Devices?
The CERT-In advisory has said, “The malware is developed using the source code of Xerxes banking malware which itself is a variant of LokiBot Android Trojan”.
According to the advisory, BlackRock is installed like an application on the Android device and hides its icon from the app drawer. It then shows a fake Google Update notification in the notification bar. To initiate this fake update, the Trojan asks for Accessibility permissions. If these are granted, BlackRock can take full command of your phone.
The Accessibility permissions allow BlackRock to log keystrokes and even track users’ activity on the phone without their knowledge. Moreover, the accessibility access allows the Trojan to grant itself further permissions over apps to execute several operations. This can allow BlackRock to initiate further spamming and phishing attacks.
Furthermore, it can access texts and contacts, as well as login credentials for banking apps. To make matters worse, the hackers will be able to lock you on the home screen and take total control of your phone while your data is being stolen from your device.
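A defender's check for the pattern described above (a user-installed app that holds an Accessibility grant while showing no app-drawer icon), as an added example that is not part of the CERT-In advisory or the original article. It parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3`; the package names, the sample values and the caller-supplied `launcher_pkgs` set are constructed assumptions.

```python
# Added example: triage Accessibility grants for the BlackRock pattern
# (third-party app + accessibility service + no app-drawer icon).

def parse_accessibility(setting):
    """Parse `settings get secure enabled_accessibility_services` output
    (colon-separated 'package/class' entries; 'null' when unset)."""
    services = {}
    value = setting.strip()
    if value in ("", "null"):
        return services
    for component in value.split(":"):
        pkg, sep, cls = component.strip().partition("/")
        if not sep or not pkg:
            continue  # malformed entry
        if cls.startswith("."):  # short form, relative to the package
            cls = pkg + cls
        services.setdefault(pkg, []).append(cls)
    return services

def parse_third_party(pm_output):
    """Parse `pm list packages -3` output ('package:<name>' per line)."""
    prefix = "package:"
    return {line.strip()[len(prefix):] for line in pm_output.splitlines()
            if line.strip().startswith(prefix)}

def triage(setting, pm_output, launcher_pkgs):
    """Return (severity, package, services) for user-installed apps that
    hold an accessibility grant; 'high' when the app shows no icon."""
    third_party = parse_third_party(pm_output)
    findings = []
    for pkg, classes in sorted(parse_accessibility(setting).items()):
        if pkg not in third_party:
            continue  # preinstalled service, out of scope for this check
        severity = "review" if pkg in launcher_pkgs else "high"
        findings.append((severity, pkg, classes))
    return findings

# Constructed sample data; package names are hypothetical.
SAMPLE_SETTING = ("com.google.android.marvin.talkback/"
                  "com.google.android.marvin.talkback.TalkBackService:"
                  "com.example.updater/.UpdateService:"
                  "com.example.passmgr/com.example.passmgr.FillService")
SAMPLE_PM = "package:com.example.updater\npackage:com.example.passmgr\npackage:com.example.notes\n"
SAMPLE_LAUNCHER = {"com.example.passmgr", "com.example.notes"}  # assumed input

if __name__ == "__main__":
    for severity, pkg, classes in triage(SAMPLE_SETTING, SAMPLE_PM, SAMPLE_LAUNCHER):
        print(f"[{severity}] {pkg}: {', '.join(classes)}")
```

A "high" finding is only a lead for manual review: it means a user-installed package can read and drive the screen while staying out of the app drawer, which is the combination the advisory describes.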
Threat Posed by Chrome Extensions
A special caution alert has been issued against the installation of Chrome extensions. While Android does not support Chrome extensions, you can always install them on your account via phone and later use them on the computer.
Many Chrome extensions are offered by third-party service providers, many of whom cannot be trusted. BlackRock may get installed on your device through any such extension installed via phone.
Furthermore, users are advised to refrain from downloading any app from untrusted sources and third-party app stores and instead to rely on the official app stores on Android devices, including the Google Play Store. They are also advised not to install any app from an unfamiliar or unknown app publisher or developer.
BlackRock Threatens Admin Privileges
The BlackRock malware is said to deflect many anti-malware or antivirus applications. The malware poses a threat to admin privileges as well. It is able to create its own admin profile and take over further admin rights on your phone to gain or steal more information.
Users are advised to keep their accounts logged out on their devices and not to use any hack app or any app downloaded from untrusted sources. Users must adhere to basic security measures to protect their phones from a potential BlackRock attack.