
What Is BlackRock Android Malware and How Can You Avoid It?

BlackRock malware is yet another threat that Android users have to worry about. This newly discovered malware can attack a variety of different apps, stealing your information in the process.

Before you download another app, make sure you know what BlackRock malware is, and how you can protect yourself.

In May 2020, security company ThreatFabric discovered a digital danger that affects Android devices: BlackRock malware.

However, analysts quickly discovered that BlackRock malware actually isn't a new threat. BlackRock malware stems from the leaked Xerxes malware source code, which is a type of LokiBot banking Trojan.

Despite being based on a banking Trojan, BlackRock malware doesn't just affect banking apps. It also targets shopping, lifestyle, social, entertainment, and even dating apps. This widespread coverage makes it especially dangerous.

In fact, it has 337 apps on its target list, some of which you might use on a daily basis. Its target apps aren't limited to one country either; it targets apps across Europe, North America, and Australia.

ThreatFabric displays the entire target list in its report. Some apps on its list include Gmail, Netflix, Snapchat, eBay, Twitter, TikTok, Facebook Messenger, PayPal, and more.

So far, BlackRock malware hasn't been found on the Google Play Store. It currently attacks apps downloaded from third-party sites, but this doesn't mean that BlackRock malware will never appear on the Google Play Store. Aggressive hackers can still find ways to bypass Google's security protocols.

When BlackRock malware appears on your device, you might never realize it. It uses a tactic known as an "overlay," which is a phony window that pops up over a legitimate app. The overlay blends in with the app, so it's difficult to tell whether the pop-up is part of the app or not.

The window will prompt you to enter your login information and credit card number before you can even start using the legitimate app. This allows it to get hold of your information right off the bat.

It infiltrates your device in the first place by getting Accessibility Services permissions. When you install an infected app, it'll prompt you to enable a fake Google Update. Accepting the "Google Update" allows it to interfere with your device.

If you aren't familiar with Android's Accessibility feature, you should know that it's one of the most powerful functions on your device. It's meant to help Android owners with disabilities, but Accessibility Services can be used to hack your phone as well. This feature can automate a variety of tasks for the user, including tapping the screen, reading text aloud, and even creating captions.

Giving BlackRock permission to use Accessibility Services allows it to create the overlay you'll see when opening the target app. It also gives the malware additional abilities, as it will then proceed to use an Android DPC (device policy controller) to grant itself administrator privileges.

In other words, it doesn't just steal the sensitive information you type into its overlay; it can do much more than that. Not only can BlackRock intercept SMS messages, hide notifications, and lock your screen, but it can also engage in keylogging. Needless to say, you definitely don't want this malware on your device.

As mentioned earlier, BlackRock hasn't yet been found on the Google Play Store. But just because it's currently attacking apps from third-party app stores, that doesn't mean that it'll never find its way to Google Play.

ThreatFabric states that it "can't yet predict how long BlackRock will be active on the threat landscape." In the meantime, it's important to keep some precautions in mind before downloading apps.

It's not a bad idea to have an antivirus app on your smartphone, but unfortunately, an antivirus app won't stop the BlackRock malware. When BlackRock infiltrates your phone, it has a feature that blocks you from using an antivirus app.

As soon as you open an antivirus or an Android cleaner app, such as Avast, Kaspersky, McAfee, BitDefender, or Superb Cleaner, BlackRock will immediately redirect you to your Home screen. This prevents you from removing the malware using an antivirus app.

So, if you download a sketchy app from a third-party store, and think that an antivirus app will keep you safe from all threats, think again.

You should keep an eye on app permissions no matter how legit an app may seem. Some apps ask for permissions that have nothing to do with the core function of the app.

For example, a flashlight app obviously doesn't need access to your SMS messages. This is a sign that you should uninstall the app immediately.

Since BlackRock malware asks for Accessibility Services permissions, you'll want to look out for any apps that require that specific privilege. If an app is legitimately for disabled users, has good reviews, and is from the Google Play Store, you can likely trust granting the Accessibility Services permission. Otherwise, avoid giving that privilege to any apps that don't need it.

Google Play Protect was put in place to scan your installed apps for malware as soon as you download them, as well as scan them periodically once installed. Third-party app stores don't have this safety feature, so you're pretty much on your own in terms of security.

The lack of security protocols on third-party stores has allowed BlackRock malware to thrive. To lower your risk of encountering BlackRock malware, try to avoid third-party app stores, and refrain from downloading APKs.
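If you're comfortable with Android's adb tool, you can check both of these precautions at once. The script below is an added example, not something from ThreatFabric's report: it lists the enabled accessibility services and flags any that belong to an app you installed from somewhere other than Google Play. The sample output and the com.example.* package names are constructed for illustration.

```python
import subprocess

PLAY_STORE = "com.android.vending"  # installer package name of the Google Play Store

def parse_accessibility_services(raw):
    # `settings get secure enabled_accessibility_services` prints colon-separated
    # 'package/ServiceClass' entries, or 'null' when nothing is enabled.
    raw = raw.strip()
    if raw in ("", "null"):
        return []
    return [tuple(e.split("/", 1)) for e in raw.split(":") if "/" in e]

def parse_installers(raw):
    # `pm list packages -3 -i` prints one 'package:<name>  installer=<pkg>' line
    # per user-installed app (-3 leaves out preinstalled system apps).
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        name = fields[0][len("package:"):]
        source = [f.split("=", 1)[1] for f in fields[1:] if f.startswith("installer=")]
        installers[name] = source[0] if source else "null"
    return installers

def sideloaded_accessibility_services(services_raw, packages_raw):
    """Return (package, service, installer) for each enabled accessibility service
    that belongs to a user-installed app which did not come from Google Play."""
    installers = parse_installers(packages_raw)
    findings = []
    for package, service in parse_accessibility_services(services_raw):
        installer = installers.get(package)  # None: preinstalled, not in the -3 list
        if installer is not None and installer != PLAY_STORE:
            findings.append((package, service, installer))
    return findings

def read_device():
    """Collect both inputs over adb (needs USB debugging enabled on the phone)."""
    run = lambda *a: subprocess.run(["adb", "shell", *a], capture_output=True,
                                    text=True, check=True).stdout
    return (run("settings", "get", "secure", "enabled_accessibility_services"),
            run("pm", "list", "packages", "-3", "-i"))

# Constructed sample output; the com.example.* package names are made up.
SAMPLE_SERVICES = "com.google.android.marvin.talkback/.TalkBackService:com.example.update/.SyncService\n"
SAMPLE_PACKAGES = ("package:com.example.notes  installer=com.android.vending\n"
                   "package:com.example.update  installer=null\n")

if __name__ == "__main__":
    for pkg, svc, src in sideloaded_accessibility_services(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"review: {pkg} service={svc} installer={src}")
```

To check a real phone, pass the two values returned by read_device() to sideloaded_accessibility_services() instead of the samples. A flagged entry is a prompt to review that app, not proof of infection.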

Hopefully, BlackRock malware will never hit the Google Play Store. There's really no telling if the actors behind BlackRock malware can find a loophole in Google's security policies, but if they succeed, BlackRock malware could accrue a substantial number of victims.

If BlackRock ever does get onto the Google Play Store, it wouldn't be too surprising. After all, several apps containing Joker malware still managed to make their way onto the Google Play Store despite Google's strict security protocols.
