Skip to main content

What Is BlackRock Android Malware and How Can You Avoid It?

BlackRock malware is yet another threat that Android users have to worry about. This newly-discovered malware can attack a variety of different apps, stealing your information in the process.

Before you download another app, make sure you know what BlackRock malware is, and how you can protect yourself.

In May 2020, security company, ThreatFabric, discovered a digital danger that affects Android devices: BlackRock malware.

However, analysts quickly discovered that BlackRock malware actually isn't a new threat. BlackRock malware stems from the leaked Xeres malware source code, which is a type of LokiBot banking Trojan.

Despite being based on a banking Trojan, BlackRock malware doesn't just affect banking apps. It also targets shopping, lifestyle, social, entertainment, and even dating apps. This widespread coverage makes it especially dangerous.

In fact, it has 337 apps on its target list, some of which you might use on a daily basis. Its target apps aren't limited to one country either---it tackles apps across Europe, North America, and Australia.

ThreatFabric displays the entire target list in its report. Some apps on its list include Gmail, Netflix, Snapchat, eBay, Twitter, TikTok, Facebook Messenger, PayPal, and more.

So far, BlackRock malware hasn't been found on the Google Play Store. It currently attacks apps downloaded from third-party sites, but this doesn't mean that BlackRock malware will never appear on the Google Play Store. Aggressive hackers can still find ways to bypass Google's security protocols.

When BlackRock malware appears on your device, an unknowing user might never realize it. It uses a tactic known as an "overlay," which is a phony window that pops up over a legitimate app. The overlay blends in with the app, so it's difficult to tell whether the pop-up is part of the app or not.

The window will prompt you to enter your login information and credit card number before you can even start using the legitimate app. This allows it to get hold of your information right off the bat.

It infiltrates your device in the first place by getting Accessibility Services permissions. When you install an infected app, it'll prompt you to enable a fake Google Update. Accepting the "Google Update" allows it to intervene with your device.

If you aren't familiar with an Android's Accessibility feature, you should know that it's one of the most powerful functions on your device. It's meant to help Android owners with disabilities, but Accessibility Services can be used to hack your phone as well. This feature can automate a variety of tasks for the user, including tapping the screen, reading text aloud, and even creating captions.

Giving BlackRock permission to use Accessibility Services allows it to create the overlay you'll see when opening the target app. It also gives the malware additional abilities, as it will then proceed to use an Android DPC (device policy controller) to grant itself administrator privileges.

In other words, it doesn't just steal the sensitive information you type into its overlay---it can actually do much more than that. Not only can BlackRock intercept SMS messages, hide notifications, and lock your screen, but it can also engage in keylogging. That said, you definitely don't want this malware on your device.

As mentioned earlier, BlackRock hasn't yet been found on the Google Play Store. But just because it's currently attacking apps from third-party app stores, that doesn't mean that it'll never find its way to Google Play.

ThreatFabric states that it "can't yet predict how long BlackRock will be active on the threat landscape." In the meantime, it's important to keep some precautions in mind before downloading apps.

It's not a bad idea to have an antivirus app on your smartphone, but unfortunately, an antivirus app won't stop the BlackRock malware. When BlackRock infiltrates your phone, it has a feature that blocks you from using an antivirus app.

As soon as you open an antivirus or an Android cleaner app, such as Avast, Kaspersky, McAfee, BitDefender, or Superb Cleaner, BlackRock will immediately redirect you to your Home screen. This prevents you from removing the malware using an antivirus app.

So, if you download a sketchy app from a third-party store, and think that an antivirus app will keep you safe from all threats, think again.

You should keep an eye on app permissions no matter how legit an app may seem. Some apps ask for permissions that have nothing to do with the core function of the app.

For example, a flashlight app obviously doesn't need access to your SMS messages. This is a sign that you should uninstall the app immediately.

Since BlackRock malware asks for Accessibility Services permissions, you'll want to look out for any apps that require that specific privilege. If an app is legitimately for disabled users, has good reviews, and is from the Google Play Store, you can likely trust granting the Accessibility Services permission. Otherwise, avoid giving that privilege to any apps that don't need it.

Google Play Protect was put in place to scan your installed apps for malware as soon as you download them, as well as scan them periodically once installed. Third-party app stores don't have this safety feature, so you're pretty much on your own in terms of security.

The lack of security protocols on third-party stores has allowed BlackRock malware to thrive. To lower your risk of encountering BlackRock malware, try to avoid third-party apps stores, and refrain from downloading APKs.

Hopefully, BlackRock malware will never hit the Google Play Store. There's really no telling if the actors behind BlackRock malware can find a loophole in Google's security policies, but if they succeed, BlackRock malware could accrue a substantial number of victims.

If BlackRock ever does get onto the Google Play Store, it wouldn't be too surprising. After all, several apps containing Joker malware still managed to make their way on the Google Play Store despite Google's strict security protocols.

Comments

Popular posts from this blog

64 Best Free WordPress Blog Themes for 2020

Are you looking for a free WordPress blog theme for your website? There are thousands of free blog themes for WordPress, making it hard for beginners to choose between all the different options. The best WordPress themes can be tough to find. Your free theme needs to be reliable and easily customizable. In this article, we have hand-picked some of the best free WordPress blog themes that you can use on your site. Getting Started with WordPress First, you need to make sure that you are using the best blogging platform . Self-hosted WordPress.org is the perfect platform to start your blog because it gives you lots of freedom, flexibility, and control. We have a useful guide on the difference between WordPress.org and WordPress.com . WordPress.org is open source. It comes with support for thousands of free templates (called themes) and extensions (called plugins) that help you grow your blog faster. Take a look at our article on why you should use WordPress to learn more. You can...

The Best 10 Social Media Platforms for Photographers to Flaunt Their Talent

Social media offers an excellent opportunity for photographers to connect with potential clients. In the digital era, it's a great asset. By showcasing your work on these networks, you can reach new audiences. Whether you are a professional or freelance photographer, the following social platforms will help you show off your work and get the right people to take notice... 1. Behance Behance is a classic portfolio publishing network that functions like a LinkedIn for creatives. Designed by Adobe, this is one of the best photography networking sites currently out there. The platform is ideal for sharing your portfolio and favorite images, allowing other Behance users to like and comment on your photos. By learning from their feedback and professional critiques, you can improve your work. The coolest feature of Behance is that it lets you find professional gig opportunities right on the platform. With your portfolio already available on the site, getting work becomes effortless. ...

25 Awesome iPhone App Icon Packs to Customize Your Home Screen

With the release of iOS 14, Apple made it possible to customize the app icons on your iPhone's Home Screen without worrying about duplicates. Of course, most of us aren't graphic designers, so we need to rely on iOS app icon packs made by other people to change the look of our Home Screen. We've scoured the web to find the coolest, most unique, and best-designed iOS app icon packs for you to download. Before You Customize Your iOS App Icons There are a few important points you need to know before you customize the app icons on your iPhone Home Screen: It's time-consuming: For every app icon you want to change, you need to create a new shortcut in the Shortcuts app, then add it to your Home Screen and hide the original app. If you have a lot of apps, this could take hours. Custom icons don't show notification badges: Customized app icons act as a shortcut to the original app. For this reason, they don't show red notification badges like normal apps. The o...